generic fetcher: Add usage docs and a ADR #718
Conversation
|
/ok-to-test |
|
We also add a tiny introduction of each package manager here: https://github.com/containerbuildsystem/cachi2/blob/main/README.md#package-managers. We should have one for |
kosciCZ
force-pushed
the
generic-fetcher-docs
branch
2 times, most recently
from
5cb71d3
to
e5286c0
Compare
Add documentation on how to use the generic fetcher and also an ADR to help move out of the experimental phase. Signed-off-by: Jan Koscielniak <[email protected]>
kosciCZ
force-pushed
the
generic-fetcher-docs
branch
from
e5286c0
to
d8a3f6e
Compare
There was a problem hiding this comment.
This LGTM in the overall.
I think we should split the ADR to a separate commit, or even have it in a separate PR. The reason is that I think we'll merge the docs very quickly, but the ADR also implies making the package manager officially supported, so it'll bring a longer discussion (and we could use the same PR to also remove it from dev-package-managers).
| Specified as a dictionary of checksum algorithms and their values. At least one cachi2-verifiable checksum must be provided | ||
| to ensure at least some degree of confidence in the identity of the artifact. | ||
|
|
||
| #### target (optional) |
There was a problem hiding this comment.
I think this is a good moment to bring back the discussion about the name of this property. IIRC, somebody suggested it to be called simply filename, so that it makes its goal clearer.
| @@ -237,6 +241,18 @@ Both files must be present in the source repository so you should check them int | |||
|
|
|||
| See [docs/bundler.md](docs/bundler.md) for more details. | |||
|
|
|||
| ### generic fetcher | |||
|
|
|||
| Generic fetcher is a way for Cachi2 to support pre-fetching arbitrary files that don't fit into other package managers. | |||
There was a problem hiding this comment.
Nitpick: I think we decided to call it "prefetch" (without the hyphen)
| "components": [ | ||
| { | ||
| "name": "granite-model-1.safetensors", | ||
| "purl": "pkg:generic/granite-model-1.safetensors?checksums=sha256:d16bf783cb6670f7f692ad7d6885ab957c63cfc1b9649bc4a3ba1cfbdfd5230c&download_url=https://huggingface.co/instructlab/granite-7b-lab/resolve/main/model-00001-of-00003.safetensors", |
There was a problem hiding this comment.
Another discussion is whether we want to report the checksum as part of the output purl. I believe none of the existing package managers do it.
There was a problem hiding this comment.
There is also a leftover discussion from a previous PR: in case we do want to report them as part of the output purl, do we want to only report the ones that were validated?
There was a problem hiding this comment.
Another discussion is whether we want to report the checksum as part of the output purl. I believe none of the existing package managers do it.
Correction: we do report checksums in purls for file dependencies for package managers such as npm, yarn and pip.
Add documentation on how to use the generic fetcher and also an ADR to help move out of the experimental phase.
I've tried to follow the CONTRIBUTING.md guidelines, but since I did not see any previous ADR, I just tried to come up with something. Feel free to give more direction on how you want the docs to look like. Thanks!
Maintainers will complete the following section
Note: if the contribution is external (not from an organization member), the CI
pipeline will not run automatically. After verifying that the CI is safe to run:
/ok-to-test(as is the standard for Pipelines as Code)