Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an API endpoint to upload pre-created analyzer results #193

Open
sschuberth opened this issue May 7, 2024 · 9 comments
Open

Add an API endpoint to upload pre-created analyzer results #193

sschuberth opened this issue May 7, 2024 · 9 comments
Labels
enhancement New feature or request

Comments

@sschuberth
Copy link
Contributor

Instead of running the analyzer on the ORT server, it is sometimes necessary to run the analyzer on-premises / locally (to avoid cloning the project in the cloud). For such a use-case the ORT server should have an endpoint to upload an existing analyzer result.
@sschuberth
Copy link
Contributor Author

@heliocastro, can you maybe share the API specs of your Optima service here for reference?

@heliocastro
Copy link

I will be doing this on next Monday, need clear internal naming endpoints.

@mnonnenmacher mnonnenmacher added the enhancement New feature or request label May 24, 2024
Etsija added a commit to doubleopen-project/ort-server that referenced this issue May 28, 2024
@Etsija
feat(ui): Always enable Analyzer job for an ORT Run
7881da6 
Currently, the Analyzer job needs to always be included in an ORT run,
so make it mandatory in the run creation form.

As there is a pending issue about uploading pre-created Analyzer results
for a run [1], we implement this with minimal changes to the UI, by
always enabling the Analyzer job switch and preventing to disable it.
This prepares for future changes to the run creation form regarding
the upload functionality.

[1]: eclipse-apoapsis#193

Signed-off-by: Jyrki Keisala <[email protected]>
github-merge-queue bot pushed a commit that referenced this issue May 28, 2024
@Etsija @mnonnenmacher
feat(ui): Always enable Analyzer job for an ORT Run
c65c916 
Currently, the Analyzer job needs to always be included in an ORT run,
so make it mandatory in the run creation form.

As there is a pending issue about uploading pre-created Analyzer results
for a run [1], we implement this with minimal changes to the UI, by
always enabling the Analyzer job switch and preventing to disable it.
This prepares for future changes to the run creation form regarding
the upload functionality.

[1]: #193

Signed-off-by: Jyrki Keisala <[email protected]>
@sschuberth sschuberth mentioned this issue Aug 26, 2024
Open
@mmurto
Copy link
Contributor

mmurto commented Aug 26, 2024

As discussed in #907, it could make sense to have the API work in a way that an existing analyzer result is uploaded to a specific product, and uploading it creates a new repository in that product. Users could then specify whatever run arguments for runs against that repo, and the runs would then be executed with the same analyzer result as the base without the need to upload the result file for each individual run. There should also be an update endpoint to upload a new analyzer result to overwrite the previously uploaded one, leading to the runs after that using the new analyzer result as the base.

@sschuberth
Copy link
Contributor Author

I will be doing this on next Monday, need clear internal naming endpoints.

Any progress here BTW, @heliocastro?

@mnonnenmacher
Copy link
Contributor

As discussed in #907, it could make sense to have the API work in a way that an existing analyzer result is uploaded to a specific product, and uploading it creates a new repository in that product. Users could then specify whatever run arguments for runs against that repo, and the runs would then be executed with the same analyzer result as the base without the need to upload the result file for each individual run. There should also be an update endpoint to upload a new analyzer result to overwrite the previously uploaded one, leading to the runs after that using the new analyzer result as the base.

This brings up some questions, how to handle the repository information in the uploaded ORT result:

  • If the ORT result contains a repository provenance, this should match the URL of the repository in the DB.
  • What if the ORT result has no provenance information? Currently the repository URL is a mandatory field, if there is no repository URL, we would need another column to identify the repository and to show something else than the ID in the UI.
  • If there is no provenance information, do we have to ensure somehow that uploaded analyzer results for the same repository match?
  • Should we even allow ORT results without provenance information? If we do, automatic repository creation would be problematic.

@mmurto
Copy link
Contributor

mmurto commented Aug 27, 2024

  • What if the ORT result has no provenance information? Currently the repository URL is a mandatory field, if there is no repository URL, we would need another column to identify the repository and to show something else than the ID in the UI.

If using provided analyzer results requires a lot of work arounds, we could consider creating separate database entries for them, similar to repos.

  • If there is no provenance information, do we have to ensure somehow that uploaded analyzer results for the same repository match?

Maybe a warning if the user is uploading a result with different information that the user than then discard and upload if they so wish.

  • Should we even allow ORT results without provenance information? If we do, automatic repository creation would be problematic.

I feel not allowing ORT results without provenance information would be quite arbitrary limitation if ORT itself can work on them. I think there's nothing that the analysis really needs provenance information for the source, except for scanning the project, for which an ORT issue should suffice.

@sschuberth
Copy link
Contributor Author

I feel not allowing ORT results without provenance information would be quite arbitrary limitation if ORT itself can work on them.

It can't, see the related oss-review-toolkit/ort#8803.

@mnonnenmacher
Copy link
Contributor

I feel not allowing ORT results without provenance information would be quite arbitrary limitation if ORT itself can work on them.

It can't, see the related oss-review-toolkit/ort#8803.

But that might change so we should still consider it when designing the upload functionality.

@sschuberth
Copy link
Contributor Author

sschuberth commented Sep 24, 2024
edited
Loading

Ideas from today's meeting with @mnonnenmacher:

  • Create a new endpoint that takes an analyzer result file upload and streams it e.g. to S3 storage
  • Add a new mode to the analyzer worker that instead of running the analyzer will download the previously uploaded analyzer result
  • UX-wise uploading an analyzer results could be handled as a special "Repository" type that you configure once, and that cannot be changes later, i.e. it would not be supported to have runs from existing analyzer results and regular analyzer runs for the same "Repository".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Roadmap
Status: No status
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sschuberth @heliocastro @mmurto @mnonnenmacher