chore: apply suggestions from Clay

.github/workflows/Vulnerability-Scan.yaml

@@ -27,8 +27,8 @@ on:
         required: false
         type: string
         default: '9999-12-31T23:59:59'
-      is-from-release:
-        description: 'If the image is from a release, we create issues when vulnerabilities are found'
+      create-issue:
+        description: 'If to create a GitHub issues for found vulnerabilities'
         required: false
         type: boolean
         default: false
@@ -243,7 +243,7 @@ jobs:
             echo "| ID | Target | Severity | Package |" >> issue.md
             echo "| -- | ----- | -------- | ------- |" >> issue.md
             echo '${{ needs.test-vulnerabilities.outputs.vulnerabilities }}' | jq -r '.[] | "| \(.VulnerabilityID) | /\(.Target) | \(.Severity) | \(.PkgName) |"' >> issue.md
-            if [[ ${{ inputs.is-from-release }} == 'true' ]]; then
+            if [[ ${{ inputs.create-issue }} == 'true' ]]; then
               revision_to_released_tags=$(python3 -m src.shared.release_info get_revision_to_released_tags --all-releases ${{ inputs.oci-image-path }}/_releases.json)
               affected_tracks=$(echo "${revision_to_released_tags}" | jq -r '."${{ steps.simplify-image-name.outputs.img_revision }}" | map("- `\(.)`") | join("\n")')
               echo -e "\n### Affected tracks:" >> issue.md
@@ -255,13 +255,13 @@ jobs:
           fi
 
       - name: Write to summary
-        if: ${{ !inputs.is-from-release && steps.create-markdown.outputs.vulnerability-exists == 'true' }}
+        if: ${{ !inputs.create-issue && steps.create-markdown.outputs.vulnerability-exists == 'true' }}
         run: |
           echo "# Vulnerabilities found for ${{ inputs.oci-image-name }}" >> $GITHUB_STEP_SUMMARY
           cat ${{ steps.create-markdown.outputs.issue-body-file }} | tail -n +2 >> $GITHUB_STEP_SUMMARY
 
       - id: issue-exists
-        if: ${{ inputs.is-from-release }}
+        if: ${{ inputs.create-issue}}
         run: |
           issue_number=$(gh issue list --repo ${{ steps.get-image-repo.outputs.img-repo }} --json "number,title" \
                   | jq -r '.[] | select(.title == "${{ steps.create-markdown.outputs.issue-title }}") | .number')
@@ -282,7 +282,7 @@ jobs:
       # |      F       |   F    |          F           |   nop  |
 
       - name: Notify via GitHub issue
-        if: ${{ steps.create-markdown.outputs.vulnerability-exists == 'true' && inputs.is-from-release }}
+        if: ${{ steps.create-markdown.outputs.vulnerability-exists == 'true' && inputs.create-issue }}
         run: |
           set -x
           op=nop
@@ -299,6 +299,10 @@ jobs:
           fi
 
       - name: Close issue
-        if: ${{ needs.test-vulnerabilities.result == 'success' && steps.issue-exists.outputs.issue-exists == 'true' && steps.create-markdown.outputs.vulnerability-exists == 'false' && inputs.is-from-release }}
+        if: |
+          needs.test-vulnerabilities.result == 'success' && 
+          steps.issue-exists.outputs.issue-exists == 'true' && 
+          steps.create-markdown.outputs.vulnerability-exists == 'false' && 
+          inputs.create-issue
         run: |
           gh issue close ${{ steps.issue-exists.outputs.issue-number }} --repo ${{ steps.get-image-repo.outputs.img-repo }}

src/shared/release_info.py

@@ -87,6 +87,19 @@ def get_revision_to_track(all_revisions_tags: list) -> dict:
     return revision_track
 
 
+def _find_alias_revision(tag_mapping_from_all_releases: dict, rev: str, visited: set, tag: str) -> str:
+    if rev in visited:
+        raise BadChannel(
+            f"Tag {tag} was caught in a circular dependency, "
+            "following tags that follow themselves. Cannot pin a revision."
+        )
+    visited.add(rev)
+    if not rev.isdigit():
+        return _find_alias_revision(
+            tag_mapping_from_all_releases, tag_mapping_from_all_releases[rev], visited, tag
+        )
+    return rev
+
 def get_revision_to_released_tags(all_releases: dict) -> dict:
     """
     Iterates over the provided dictionary with all the releases
@@ -99,21 +112,7 @@ def get_revision_to_released_tags(all_releases: dict) -> dict:
     for tag, revision in tag_mapping_from_all_releases.items():
         if not revision.isdigit():
             visited = set()
-
-            def find_alias_revision(rev: str, visited: set) -> str:
-                if rev in visited:
-                    raise BadChannel(
-                        f"Tag {tag} was caught in a circular dependency, "
-                        "following tags that follow themselves. Cannot pin a revision."
-                    )
-                visited.add(rev)
-                if not rev.isdigit():
-                    return find_alias_revision(
-                        tag_mapping_from_all_releases[rev], visited
-                    )
-                return rev
-
-            revision = find_alias_revision(revision, visited)
+            revision = _find_alias_revision(tag_mapping_from_all_releases, revision, visited, tag)
         revision = int(revision)
         revision_to_released_tags[revision].append(tag)
 

tests/unit/test_shared_release_info.py

@@ -34,12 +34,8 @@ def test_get_revision_to_release_circular():
         }
     }
 
-    with pytest.raises(BadChannel) as excinfo:
+    with pytest.raises(BadChannel, match=r"Tag .* was caught in a circular dependency, following tags that follow themselves. Cannot pin a revision."):
         get_revision_to_released_tags(all_releases)
-    assert (
-        "Tag 1.19.0-22.04_candidate was caught in a circular dependency, following tags that follow themselves. Cannot pin a revision."
-        in str(excinfo)
-    )
 
 
 def test_get_revision_to_release_alias():