-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Importable packages #177
Comments
sorry for the late reply. First of all, thank you for the amazing work at aquasecurity/trivy@main...HadrienPatte:trivy:chisel! This is how we see the adoption of Chisel manifests happening upstream and I'm thrilled to see your take on it. What you are asking in this issue is definitely the right move 👍 (especially for We will be looking into this over the next few weeks (also considering the holiday break), as there are a couple of things we need to revisit:
(FYI @letFunny @rebornplusplus @zhijie-yang ) |
I think we could expose jsonwall and manifest reading depending on what we decide and your questions above. Exposing manifest writing and the convenience functions we use internally would be quite a bit more tricky because of the dependencies with internal packages. EDIT: Essentially the symbol list above would not require us to export any internal dependencies. |
Hi @HadrienPatte, first of all thank you for your contributions and for raising this issue with the comprehensive list of functions that you need. We have started working on your suggestion at #182 (as a draft PR for now). There are still some bureaucracy questions that we need to answer before merging the code, for example regarding licensing and, as @cjdcordeiro said, we are now going into the Christmas break, but we'll continue to work on the PR once we are back. |
Currently all the go packages that power chisel are under an
internal
directory, making them non importable from other go projects. The goal of this issue is to start a conversation and gauge interest in making some or parts of those packages importable by moving them out of thatinternal
directory.In particular, it would be very useful for types and functions related to manifest files to be importable from other projects in order to avoid duplicated code and rely on a single source of truth implementation for parsing those manifest files. These manifest files parsing functions would be very useful to add support for scanning chisel manifests in SBOM-generating tools like trivy.
Symbols that I believe would be valuable to be importable outside of this repository:
Most of the
jsonwall
package:Some of the
manifest
package:Overall, the
manifest
package would be nice to have public but thejsonwall
is the minimum required to conformably manipulate chisel manifests. One advantage of thejsonwall
package is that it currently has no dependency on any other internal package.The text was updated successfully, but these errors were encountered: