
Added grype update command

Open willyw0nka opened this issue 3 years ago • 3 comments

Added grype update command #848. When running grype update, the latest version available is downloaded and the grype binary is replaced.

I just learned to write golang so any code update or review is welcome. Not sure how we should test this feature.

willyw0nka avatar Aug 11 '22 15:08 willyw0nka

Thanks @willyw0nka! This looks great. Kicked off the ci and will get around to getting you comments.

spiffcs avatar Aug 18 '22 16:08 spiffcs

👋; I ran the actions and it looks like our Static Analysis tool picked up some suggested changes. Since you said you're new to the language these are great to look through to see some changes that can be made/updated.

Normally I can just add a commit that fixes these but didn't want to miss the chance to give you more information about your Golang journey.

spiffcs avatar Aug 18 '22 16:08 spiffcs

Hi @spiffcs, after reviewing your comments and checking how the other commands were implemented, grype update now uses the standard output format.

Output on the download grype stage could be improved by adopting the grype db update download tracking progress bar output style; currently a spinner is shown while the newer grype version is downloaded.

This improvement was not included in this last commit due to the code duplication that it implies, mainly in grype/db/curator.go. Take a look at the current command output; if a more polished result is desired, I could work on adapting the download tracking progress bar for grype update.

willyw0nka avatar Sep 05 '22 13:09 willyw0nka

Hi @spiffcs :wave:! Did you find some time to review the pull request update? I would love to receive feedback on the update :smile:

willyw0nka avatar Sep 28 '22 09:09 willyw0nka

@willyw0nka so sorry for missing this I'll review today

spiffcs avatar Sep 30 '22 16:09 spiffcs

Sorry, let me try and resolve this conflict so we can at least get the CI jobs running again. Apologies for the delay on this. I've been heads down over in syft and context switching at the moment is a little costly.

spiffcs avatar Oct 06 '22 03:10 spiffcs

Did some cleanup and merged into main - will look again in the AM and ask the team about merging

spiffcs avatar Oct 07 '22 04:10 spiffcs

I've played a bit more with this recently and don't think we want to increase the release surface area with this command.

This current implementation couples a lot of the update process with the current release mechanism. It duplicates a lot of the logic across the codebase. If any of those were to update then this command would break which gives me the impression that we need to use the linked issue to discuss/come up with a design that attempts to single source of truth more of this logic.

How can we get an update command that helps the user without duplicating or interfering with other methods of installation (package manager, brew, nix, etc)?

spiffcs avatar Jan 24 '23 19:01 spiffcs