Open dgkf opened 4 months ago
Created https://github.com/pharmaR/repos/blob/feature/riskscore/.Rprofile, following the example of https://github.com/dgkf/rvalhub-repo-filters-mvp/tree/main. I have added a function that mocks pak::pkg_install
, as the original doesn't filter with available.packages
, and it was mentioned that utils::install.packages
doesn't currently work with our repo. I don't think my solution is 100% solid, as I am not sure that dependences are filtered as well, but this is a start.
I have successfully tested this code by first creating a new folder in the repo for my OS that contained 2 packages, one with a risk score > 0.66, the other < 0.66. Then, after changing the risk threshold to 0.66, the following happens, which is the desired behavior:
The Coverage metric is absent from the
PACKAGE
file, which is why I had to simplify the filter created by @dgkf.
@yannfeat - I think the pak::pkg_install
might be unnecessary. The available_packages_filters
option should limit the packages that are provided by available.packages
. Assuming pak::pkg_install
uses available.packages()
internally, the filter will automatically be applied at that stage.
Mocking install.packages
was only used in that demo to inject a oysteR
scan of the packages to be installed for security vulnerabilities.
Otherwise, this looks great. I'm glad you had success using the filters with the repos
solution!!
@yannfeat - I think the
pak::pkg_install
might be unnecessary. Theavailable_packages_filters
option should limit the packages that are provided byavailable.packages
. Assumingpak::pkg_install
usesavailable.packages()
internally, the filter will automatically be applied at that stage.Mocking
install.packages
was only used in that demo to inject aoysteR
scan of the packages to be installed for security vulnerabilities.Otherwise, this looks great. I'm glad you had success using the filters with the
repos
solution!!
@dgkf pak::pkg_install
didn't filter automatically when I tried it. I don't think it is using install.packages
.
Depends on #74
Once we have an updated
PACKAGES
file, we can test to see how effective this solution is for pulling packages.Note that this style of repository requires the use of
pak
(which I think has special handling for thedownloadURL
field. I expect that we can still use theavailable.packages
filter functions, but we should test this out.