sdggiesbrecht / sdgswift Goto Github PK

The workflow Windows.yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

The workflow iOS.yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

is there a way to programmatically mock up packages? meaning i would like to generate some package which depends on another (local repository) package, for symbol inspection purposes. then i could swift run it to dump out the imported symbols, and feed that into my codegen system.

real-package/
    Package.swift 
    Sources/
        my-library-module/
            definitions.swift

mock-package/
    Package.swift
    Sources/
        inspector/
            main.swift

// real-package/Sources/my-library-module/definitions.swift 

enum Foo 
{
    static 
    let types:[MyProtocol.Type] = [Bar.self, Baz.self]
}

// mock-package/Sources/inspector/main.swift 

@testable import MyLibraryModule

for type:MyProtocol.Type in Foo.types 
{
    print("\(type)")
    ...
}

// mock-package/Package.swift 
// swift-tools-version: ...

let package ....

    dependencies: 
    [
        .package(path: "../real-package")
    ]
    ...

ideally, i would generate mock-package/Sources/inspector/main.swift as a String from swift, and possibly generate mock-package/Package.swift as a typed PackageDescription.Package (or less ideally, a String), and then have SDGSwift generate the mock package and run the inspector target.

maybe, it would look like this:

let inspectorSource:String = generateInspectorSource()

let mockPackage:<???> = .init(products: [.executable(targets: ["inspector"])], 
    dependencies: [.package(path: "../real-package")], 
    targets: 
    [
        .executableTarget("inspector", sources: [inspectorSource]) // the source file contents, not a file path!
    ])

mockPackage.run("inspector")

The workflow Amazon Linux.yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

The workflow Miscellaneous.yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

The workflow Ubuntu.yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

The workflow Android (Swift 5.3).yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

The workflow CentOS.yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

Question

I've noticed that you've posted a few messages over in the Swift forums discussing Swift code coverage.

In one of them you even hint about this library being able to work directly with the JSON output from llvm-cov.

I'm interested in writing a utility to parse the JSON (or some other Swift code coverage artifact from llvm-cov) and convert it to Cobertura XML for use in my GitLab CI pipelines.

I'm interested in how one might use TestCoverageReport, if at all, to interpret the output from llvm-cov. In your opinion could you see a way to use the modules/types in this package provide a path to achieving the goal I have?

Documentation Suggestion

The subject matter is a little dense here. Some guiding examples on how one might make use of some of the modules/types.

The workflow Windows (Swift 5.3).yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

The workflow Android.yaml is referencing action actions/checkout using references v1. However this reference is missing the commit a6747255bd19d7a757dbdda8c654a9f84db19839 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.