Vendoring: "URI contains invalid characters" #1019
Comments
|
I guess this might be the same issue as #832 which probably doesn't like the question mark in the URL which for some reason gets appended to the local directory? |
|
@mss thanks for reporting the issues. also, please provide more details about "v1.158.0 is completely broken"? |
|
We'll fix this as part of: |
|
I did some poor man's bisecting using the script below and the issue was introduced in v1.130.0, ie. via #768. Here is the test case (it can be simpler, the go templates aren't required): apiVersion: atmos/v1
kind: AtmosVendorConfig
metadata:
name: gh-1019
description: test
spec:
sources:
- component: atmos
source: git::https://github.com/cloudposse/atmos.git?depth=1&ref={{.Version}}
version: v1.129.0
targets:
- src/{{.Version}}The script: g=105
b=157
c=$b
while sleep 1; do
v=1.$c.0
echo $v
sed -i -e "/version:/s/v1.*/v$v/" vendor.yaml
mise exec atmos@$v -- atmos vendor pull
if [[ -d src/v$v ]]; then
g=$c
else
b=$c
fi
c=$(($g+($b-$g)/2))
done |
|
The issue is obviously here: https://github.com/cloudposse/atmos/blob/v1.158.0/internal/exec/go_getter_utils.go#L39 @osterman Since #984 doesn't seem to be related, could this maybe be fixed separately? We are currently stuck on that old version since we were waiting for another fix which went into v1.138.0 or so. |
|
I just love AI. That nonsense check was introduced by coderabbit in #768 (comment) |
@CodeRabbit has been incredibly helpful in scaling up our review process, catching cases where validation could be improved. With ~30 PRs in the past month and a small team, our biggest challenge is maintaining sufficient test coverage. Even with human reviewers, things can sometimes slip through the cracks.
We’re happy to take care of this, but if you'd like a quicker resolution, opening a PR with a fix--ideally with tests--would be the fastest way forward. Otherwise, we’ll include it in #984. |
|
Let me check the code that was added based on my suggestion. |
|
Tip For best results, initiate chat on the files or code changes. 🧩 Analysis chain🏁 Script executed: Length of output: 1023 @osterman I apologize for my previous suggestion that led to this issue. The validation I recommended was implemented too strictly, causing problems with valid URL characters like ampersands in query parameters. Here's what I suggest for the fix: // Instead of a broad character validation, we should use Go's url.Parse
// to properly validate URLs while allowing query parameters
if _, err := url.Parse(uri); err != nil {
return fmt.Errorf("invalid URI format: %v", err)
}Additionally, I strongly recommend adding test cases to cover various URL formats: func TestValidateURI(t *testing.T) {
tests := []struct {
name string
uri string
wantErr bool
}{
{
name: "valid git URL with query params",
uri: "git::https://github.com/org/repo.git?depth=1&ref=v1.0.0",
wantErr: false,
},
{
name: "valid OCI URL",
uri: "oci://registry.example.com/repo:tag",
wantErr: false,
},
// Add more test cases
}
// ... test implementation
}✏️ Learnings added
|
|
@CodeRabbit can you open a PR with the suggested fix? |
|
Tip For best results, initiate chat on the files or code changes. @osterman I apologize, but I am not able to open pull requests directly. However, I can provide the code snippets again for easy reference to help someone from the team implement the fix: // Fix for the URL validation
if _, err := url.Parse(uri); err != nil {
return fmt.Errorf("invalid URI format: %v", err)
}And the corresponding test cases: func TestValidateURI(t *testing.T) {
tests := []struct {
name string
uri string
wantErr bool
}{
{
name: "valid git URL with query params",
uri: "git::https://github.com/org/repo.git?depth=1&ref=v1.0.0",
wantErr: false,
},
{
name: "valid OCI URL",
uri: "oci://registry.example.com/repo:tag",
wantErr: false,
},
}
// ... test implementation
}Would you like me to provide any additional details or clarification about the proposed fix? (`・ω・´)ゞ |
@mss Adding If it's making a noticeable difference, I don’t see why we shouldn’t include it by default in Atmos via our go-getter implementation. |
|
My 2 cents: I don't think any such URL validation is required there since go getter will do its own validation (and call Parse). |
Yes, I just had the same idea. I will raise a separate feature ticket with some timings. |
* fix(vendor): Remove excessive URL validation Fixes #1019 * feat(vendor): Add component to error message --------- Co-authored-by: Erik Osterman (CEO @ Cloud Posse) <[email protected]>
Describe the Bug
We are currently running v1.105.0 and want to update to the latest version. v1.158.0 is completely broken (we'll open a separate ticket for that) so we tried v1.157.0 (and a few versions before that).
And now our vendoring is broken:
The problem is that we use an ampersand in our Git URLs for shallow clones, eg.:
When I do a
sed -i -e 's/depth=1&//' vendor/*.yamlvendoring works again.Expected Behavior
Vendoring is not broken.
Steps to Reproduce
Create a vendor config with an ampersand in the URL.
Screenshots
No response
Environment
Additional Context
One odd thing: We
straced the process and it looks like Atmos first tries to look in directory/home/me/atmos/git::https://git.example.com/scm/xxx/atmos-components.git//mixins/context?depth=1&ref=v2.21.0(ie. it appends the URL to the directory).The text was updated successfully, but these errors were encountered: