-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What is the minimum job config for the Evaluator? #300
Comments
The minimum configuration is indeed an empty object as the evaluator would then use all config files from their default locations and no package configuration provider. Do you see any lines like this in the evaluator logs? The sample rule set for compose only has one rule that triggers if a package has no license at all, maybe that's just not the case for the repository you are scanning? |
Yes, I indeed have loads of these type of messages in the logs:
So I guess the sample ruleset is so minimal that it doesn't actually trigger any policy violations. We (Double Open Oy) are using something like this, so I guess the default ruleset could be extended also for Docker Compose setup, if not else than for demonstration purposes, and for the purpose of proving the concept, what do you think? |
Actually, thinking of this, is there any reason why this couldn't be used instead, as ORT also uses that as an example of a rule file? |
We have a long-standing discussion about the purpose / scope of examples rules for ORT. Basically, it boils down to the question whether examples should be a "reasonable default implementation", or an "synthetic implementation to show the features" only. Currently, both https://github.com/oss-review-toolkit/ort/blob/main/examples/example.rules.kts and https://github.com/oss-review-toolkit/ort-config/blob/main/evaluator.rules.kts are a mix of both. Personally, I'd strongly vote for at least the former to be a "synthetic implementation" that triggers dummy rule violations for any code, just to show the concept, and not make people wonder why nothing gets triggered, as happened in the scope of this issue. |
Yes, I agree there should be a rules file which triggers at least some violations, albeit not 100% correctly from the standpoint of someone curating a project, as with the current rules file, I have been wondering for a few days already why the Evaluator is not triggering anything, as if it isn't even run, although run results show it as FINISHED. So I just thought I've been mis-configuring the job. |
I agree with this, the file is also rendered here and a shorter example that showcases the features would be more helpful. For this repository I would like to add simple examples for the other configuration files as well. For example, a license classifications file which classifies only few licenses. Then another rule could be added that triggers if a non-classified license is found, which would be very likely for most projects. |
@Etsija has this been answered? If so, please close. |
The original question, yes, but the discussion took another turn and implied that some files were to be added to |
I'm creating an ORT Run and I am passing an empty configuration for the Evaluator, as the code comments in (
jobConfigurations.kt
) suggest that some configurations will have defaults. However, when running the Evaluator after successful Analyzer and Scanner jobs, I get these warnings to the logs:The Evaluator seems to run OK, as its final status is FINISHED, but I get no results. This is from
ort-result.yml
:The Reporter of course doesn't show any policy violations, either.
There probably should be some instructions as to the minimum job configuration needed for the Evaluator to run properly.
The text was updated successfully, but these errors were encountered: