search

openrewrite / rewrite-recipe-markdown-generator

Utility that generates OpenRewrite recipe documentation in markdown format for all recipes on the classpath.
https://docs.openrewrite.org/recipes
Apache License 2.0
2 stars 7 forks source link

Add data tables to auto-generated docs #60

Closed mike-solomon closed 1 year ago

mike-solomon commented 1 year ago

Fixes: https://github.com/openrewrite/rewrite-recipe-markdown-generator/issues/57

Here's an example of what a recipe doc with data tables looks like:

Check for dependency vulnerabilities

org.openrewrite.java.dependencies.DependencyVulnerabilityCheck

_This is a software composition analysis (SCA) tool which detects publicly disclosed vulnerabilities. If vulnerabilities are found, it will generate a report linking to the associated CVE entries. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable._

Source

GitHub, Issue Tracker, Maven Central

Options

Type Name Description
String scope Match dependencies with the specified scope
Boolean overrideManagedVersion Optional. This flag can be set to explicitly override a managed dependency's version. The default for this flag is false.
Boolean addMarkers Optional. Report each vulnerability in search results. If this is off, it is easier to see suggested changes.

Data Tables (Only available on the Moderne platform)

Vulnerability report

Contains a vulnerability report the affected artifact and the vulnerability's CVE information.

Column Name Description
CVE The CVE number.
Group The first part of a dependency coordinate com.google.guava:guava:VERSION.
Artifact The second part of a dependency coordinate com.google.guava:guava:VERSION.
Version The resolved version.
Fixed in version The minimum version that is no longer vulnerable.
Fixable with version update only Whether the vulnerability is likely to be fixed by increasing the dependency version only, with no code modifications required. This is a heuristic which assumes that the dependency is accurately versioned according to semver.
Summary The summary of the CVE.
Base score The calculated base score.
Depth Zero for direct dependencies.

Usage

This recipe has required configuration parameters. Recipes with required configuration parameters cannot be activated directly. To activate this recipe you must create a new recipe which fills in the required parameters. In your rewrite.yml create a new recipe with a unique name. For example: com.yourorg.DependencyVulnerabilityCheckExample. Here's how you can define and customize such a recipe within your rewrite.yml:

{% code title="rewrite.yml" %}

---
type: specs.openrewrite.org/v1beta/recipe
name: com.yourorg.DependencyVulnerabilityCheckExample
displayName: Check for dependency vulnerabilities example
recipeList:
  - org.openrewrite.java.dependencies.DependencyVulnerabilityCheck:
      scope: compile
      overrideManagedVersion: false
      addMarkers: null

{% endcode %}

Now that com.yourorg.DependencyVulnerabilityCheckExample has been defined activate it and take a dependency on org.openrewrite.recipe:rewrite-java-dependencies:1.0.1 in your build file: {% tabs %} {% tab title="Gradle" %} {% code title="build.gradle" %}

plugins {
    id("org.openrewrite.rewrite") version("6.1.2")
}

rewrite {
    activeRecipe("com.yourorg.DependencyVulnerabilityCheckExample")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-java-dependencies:1.0.1")
}

{% endcode %} {% endtab %} {% tab title="Maven" %} {% code title="pom.xml" %}

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.2.1</version>
        <configuration>
          <activeRecipes>
            <recipe>com.yourorg.DependencyVulnerabilityCheckExample</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-java-dependencies</artifactId>
            <version>1.0.1</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

{% endcode %} {% endtab %} {% endtabs %}

See how this recipe works across multiple open-source repositories

Moderne Link Image

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

timtebeek commented 1 year ago

Promising start! My one concern is that this also includes the data tables that are present for every run, such as Recipe performance. I don't think is worthwhile to report those on all 1000+ recipes, but also not sure how best to handle those otherwise. Maybe hide only those in a collapsible block? Open to other suggestions.

sambsnyd commented 1 year ago

Agree that we should not show the always-there data tables on every recipe

mike-solomon commented 1 year ago

👍 Since it sounds like we don’t want to show these - should I just filter out the data tables with names that match the common ones? Most recipes wouldn’t show any data tables at that point. Dunno if that’s okay or not. Could also just list the common ones as a bullet point or something.

sambsnyd commented 1 year ago

Most recipes have no data tables of their own, so it is correct not to display any

mike-solomon commented 1 year ago

@sambsnyd @timtebeek Updated to filter out the three common data tables I'm aware of. If there are any others I should filter out, please let me know.