search

thoth-station / package-analyzer

Analyze Python artifacts
GNU General Public License v3.0
0 stars 4 forks source link

Link PythonArtifact with PythonPackageVersion #89

Closed KPostOffice closed 4 years ago

KPostOffice commented 4 years ago

Is your feature request related to a problem? Please describe. I am creating a cronjob to update package info in the database. To do this I need to be able to separate based on index/name/version/platform/python version. Currently only index/name/version can be directly linked. Finding associated platforms and python versions is obscured by PythonPackageVersionEntity.

Describe the solution you'd like Upgrade how package-analyzer results are added to the database so that for each package we are able to search based on index/name/version/platform/python version and hopefully resolve to a single package.

Describe alternatives you've considered None

Additional context https://docs.google.com/document/d/18DYyrxo7b16k8v4wz0dDyAknylWthq2OGrwgIRCZfIE/edit?usp=sharing

KPostOffice commented 4 years ago

This actually probably isn't necessary because we can just check all hashes for a version.

fridex commented 4 years ago

Describe the solution you'd like Upgrade how package-analyzer results are added to the database so that for each package we are able to search based on index/name/version/platform/python version and hopefully resolve to a single package.

This is actually not possible in a nice way. The reason why we introduced PythonPackageVersionEntity and PythonPackageVersion - we can detect Python packages in package-extract runs, we can also detect Python interpreter version and os running. As there might be multiple Python interpreters, we do not have any direct guidance on which version is actually used to run applications. Also, we don't know how these packages were introduced in container images and whether they are correct dependencies in a Python stack. Hence we rely on our solver that produces records in PythonPackageVersion and we keep track of container image packages in PythonPackageVersionEntity. In other words, PythonArtifact is any Python artifact found on the Python index and thus linked to PythonPackageVersionEntity.

This actually probably isn't necessary because we can just check all hashes for a version.

+1, this sounds like a nice and straightforward solution.

KPostOffice commented 4 years ago

Agreed, I'll close this issue.