fix: trivy-action version and gourmand violations#4
Bump trivy-action 0.34.1→0.35.0 (tag didn't exist), remove verbose comments flagged by gourmand, add lint_suppression exception for legitimate noqa: S608 in query_errors(). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request primarily focuses on enhancing the continuous integration process and improving code quality by addressing linting violations. It updates a critical CI action to ensure container builds function correctly and refines the codebase by removing unnecessary comments that were flagged by a static analysis tool. Additionally, it formalizes an existing lint suppression with a clear justification, ensuring that intentional code patterns do not trigger false positives in future linting runs.
Code Review
This pull request effectively resolves the gourmand linter violations by removing unnecessary comments and correctly suppressing a false positive for a SQL-related check. The changes are straightforward and improve code clarity. I've added one comment regarding a potential performance and correctness issue in the trove_quality tool, which became apparent during this review. Addressing it would significantly improve the tool's robustness.
```python
resolved_filter: bool | None = None if show_resolved else False
errors = db.query_errors(resolved=resolved_filter, path=path, limit=limit)

# Compute aggregate counts across all errors (not just the page returned)
```
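Review bot: `query_errors()` keeps a `noqa: S608` suppression (dynamic SQL string construction), so the values passed on this line, `resolved_filter`, `path` and `limit`, must reach the query as bound parameters rather than be formatted into the SQL text, and the new `lint_suppression` justification should state that only constant fragments are concatenated. Note also that `resolved_filter` is tri-state (`None` means all rows, `False` means unresolved only), so `query_errors()` has to test `is None` / `is False` when building its filter rather than truthiness, or the "all rows" case silently collapses into "unresolved only".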
While this PR removes a verbose comment, the underlying implementation for computing aggregate counts has a significant performance issue and a potential bug. Fetching up to 10,000 error records just to count them in Python is inefficient and will report incorrect statistics if the actual number of errors exceeds this limit.
A more scalable and performant approach is to compute these aggregates directly in the database. I recommend adding new functions to database.py to handle this, using SQL's COUNT(*) and GROUP BY. This avoids transferring large amounts of data and ensures the counts are always correct.
For example, you could replace the fetch-and-process logic with two more efficient queries:

- To get total and resolved counts:

```sql
SELECT COUNT(*) AS total, SUM(resolved) AS resolved_count
FROM index_errors
WHERE path LIKE ?; -- Optional path filter
```

- To get counts by error type:

```sql
SELECT error_type, COUNT(*)
FROM index_errors
WHERE path LIKE ? -- Optional path filter
GROUP BY error_type;
```

This would be a valuable improvement for the tool's robustness.
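The database-side aggregation suggested in the review above, as an added example that is not code from the project's `database.py` (whose real schema is not on this page): it builds an in-memory SQLite table named `index_errors` with a constructed column set and constructed rows, then wraps the two queries from the review in functions that take an optional path prefix. The `path` value is always bound, only constant SQL fragments are concatenated, `SUM()` over zero rows is coalesced to `0`, and the `%` and `_` LIKE wildcards in a caller-supplied path are escaped so a path of `%` cannot widen the filter to every row (a detail the review does not cover).

```python
from __future__ import annotations

import sqlite3

# Constructed schema standing in for the project's index_errors table; the real
# column list lives in database.py, which is not on this page (assumption).
SCHEMA = """
CREATE TABLE index_errors (
    id         INTEGER PRIMARY KEY,
    path       TEXT    NOT NULL,
    error_type TEXT    NOT NULL,
    resolved   INTEGER NOT NULL DEFAULT 0   -- 0/1, so SUM() counts resolved rows
)
"""

# Constructed sample rows for demonstration only.
SAMPLE_ROWS = [
    ("src/a.py", "parse_error", 0),
    ("src/b.py", "parse_error", 1),
    ("src/c.py", "encoding_error", 0),
    ("docs/readme.md", "missing_file", 1),
    ("docs/guide_v2.md", "parse_error", 0),
]


def open_sample_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO index_errors (path, error_type, resolved) VALUES (?, ?, ?)",
        SAMPLE_ROWS,
    )
    return conn


def _path_filter(path: str | None) -> tuple[str, tuple]:
    """Return (sql_fragment, params) for an optional path-prefix filter.

    '%' and '_' are LIKE wildcards, so the caller-supplied path is escaped
    before the trailing '%' is appended; otherwise a path of '%' would match
    every row. Only a constant SQL fragment is concatenated; the value is bound.
    """
    if path is None:
        return "", ()
    escaped = path.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return " WHERE path LIKE ? ESCAPE '\\'", (escaped + "%",)


def error_totals(conn: sqlite3.Connection, path: str | None = None) -> dict[str, int]:
    """Total/resolved/unresolved counts computed in SQL with COUNT(*) and SUM()."""
    where, params = _path_filter(path)
    # COALESCE: SUM() over zero rows is NULL, which must not leak out as None.
    sql = "SELECT COUNT(*), COALESCE(SUM(resolved), 0) FROM index_errors" + where
    total, resolved = conn.execute(sql, params).fetchone()
    return {"total": total, "resolved": resolved, "unresolved": total - resolved}


def error_counts_by_type(conn: sqlite3.Connection, path: str | None = None) -> dict[str, int]:
    """Per-error_type counts via GROUP BY, so no error rows are transferred to Python."""
    where, params = _path_filter(path)
    sql = (
        "SELECT error_type, COUNT(*) FROM index_errors"
        + where
        + " GROUP BY error_type ORDER BY error_type"
    )
    return dict(conn.execute(sql, params).fetchall())


if __name__ == "__main__":
    db = open_sample_db()
    print(error_totals(db))                  # counts over every row
    print(error_totals(db, "src/"))          # prefix-filtered counts
    print(error_counts_by_type(db, "docs/"))
```

Because the counts come from the database, the statistics stay correct however many rows the table holds, and the page `limit` used for the listing no longer caps them.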
Summary
- Bump `trivy-action` from `0.34.1` (non-existent tag) to `0.35.0` — fixes container build workflow
- Remove verbose comments flagged by gourmand from `database.py`, `tools/status.py`, and `tests/test_tools.py`
- Add `lint_suppression` exception for legitimate `noqa: S608` in `query_errors()`

Test plan
🤖 Generated with Claude Code