Skip to content

var-transforms do not provide a mechanism for mutating dissimilar inputs to the same variable #1774

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
OddBloke opened this issue Feb 4, 2025 · 1 comment
Open

var-transforms do not provide a mechanism for mutating dissimilar inputs to the same variable #1774

OddBloke opened this issue Feb 4, 2025 · 1 comment

Comments

@OddBloke
Copy link

OddBloke commented Feb 4, 2025

opa-envoy uses a versioning scheme of <upstream version>-envoy<local revision> but <local revision> is omitted for the first release. So, for example, the last two versions currently are 1.1.0-envoy-1 and 1.0.0-envoy. These aren't valid APK versions (per https://github.com/wolfi-dev/wolfictl/blob/b168a068d4ea555968116a7577964310adf8ec33/pkg/versions/validate.go#L8-L23) so we need to mutate these to strings that are: respectively, 1.1.0-r1 (that's not an epoch!) and 1.0.0.

The version-transform logic correctly mutates from the upstream version to the versions we want, but we then need to mutate back from the APK version to the upstream naming schema, to checkout the appropriate tag. Due to the absence of the -0 on the upstream versioning in the "first release" case, there isn't a single regex match/replace that can do the job. ^(\d+\.\d+\.\d+)$ -> $1-envoy handles the first version case, and ^(.+)-r(\d+)$ -> $1-envoy-$2 handles the subsequent versions case. This maps simply enough into melange configuration:

var-transforms:
  - from: ${{package.version}}
    # 1.0.0 -> 1.0.0-envoy
    match: ^(\d+\.\d+\.\d+)$
    replace: $1-envoy
    to: mangled-package-version
  - from: ${{package.version}}
    # 1.0.0-r2 -> 1.0.0-envoy-2
    match: ^(.+)-r(\d+)$
    replace: $1-envoy-$2
    to: mangled-package-version

However, this configuration doesn't work: melange applies var-transforms in order, overwriting any previous values, meaning that this configuration will only handle the 1.1.0-r1 case. If the stanzas were reversed, the configuration would only handle the 1.0.0 case.

Ideally, it would be possible to specify that a transform should be applied if and only if its match regex actually matches the from input. If there was, e.g., a must-match: true option we could apply here, then only the actually applicable stanza's output would be used for mangled-package-version, solving the problem.
@OddBloke
Copy link
Author

OddBloke commented Feb 4, 2025

(As it happens, I did manage to craft a single ugly regex which handles this case halfway through writing this issue (^([0-9]+.[0-9]+.[0-9]+)((-)r(\d+))?$ -> $1-envoy$3$4) but (a) this may not always be possible, and (b) this regex is inscrutable, the multi-stanza version is much more maintainable.)

OddBloke added a commit to wolfi-dev/os that referenced this issue Feb 4, 2025
@OddBloke
opa-envoy: combine mangled-package-version var-transforms
a6b0545 
melange will always write to the `to` of `var-transforms`, even if the
`from` value did not `match` and so has not been mutated.  This means
that the last `var-transform` with a given `to` will always determine
the value of that variable.  In this case, that meant that our
`var-transforms` would only ever handle one of the two upstream
versioning cases.

This commit collapses the two stanzas into a single (ugly) regex which
should handle both cases, and I've filed
chainguard-dev/melange#1774 to request making
the multi-stanza version possible.
OddBloke added a commit to wolfi-dev/os that referenced this issue Mar 6, 2025
@OddBloke
opa-envoy: switch from -rN to _pN suffix for upstream revisions
633c834 
This avoids tripping up a few tools which assume we'll only have a
single `-rN` suffix indicating the wolfi epoch.

This does mean that
chainguard-dev/melange#1774 now does affect
this package, but that's unavoidable for now.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@OddBloke