docs: document permissive mode for prefetch-dependencies#598
Kasturijadhav14 wants to merge 1 commit into konflux-ci:main from
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.
Code Review
This pull request introduces new documentation for a 'permissive mode' in Hermeto's prefetch-dependencies feature, detailing its purpose, use cases, and configuration via prefetch-input flags in PipelineRun YAML. The review comments highlight that the new headings and sub-headings in the documentation do not adhere to the repository's style guide, which requires imperative mood language.
| include::partial${context}-prefetch-hermeto-note.adoc[] | ||
| ==== | ||
|
|
||
| == [[permissive-mode]]Enabling permissive mode for `prefetch-dependencies` |
The heading uses a gerund ("Enabling"). Per the repository style guide, please use imperative mood language for headings. Consider using "Enable" or "Configure" instead.
== [[permissive-mode]]Enable permissive mode for `prefetch-dependencies`
References
- Use imperative mood language. (link)
| Enabling permissive mode reduces the strictness of the prefetch validation. This may result in less accurate SBOMs and reduced build reproducibility. Use this option only when necessary and be aware of the security trade-offs. | ||
| ==== | ||
|
|
||
| === When to use permissive mode |
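Review bot: The warning text ("reduces the strictness of the prefetch validation ... be aware of the security trade-offs") never says which checks permissive mode relaxes or skips, so a reader cannot judge what "less accurate SBOMs" means for their build. Name the specific validations that change and what can end up missing from the SBOM, and state whether the setting applies to the whole prefetch or only to the package manager that fails.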
This sub-heading is not in imperative mood. Please rephrase it to follow the repository style guide.
=== Use permissive mode when
References
- Use imperative mood language. (link)
| * A PyPI dependency contains a Rust extension whose `Cargo.lock` file is outdated or missing, causing the prefetch to fail in strict mode. | ||
| * You have confirmed the dependency is trustworthy and the prefetch failure is due to a known limitation rather than a security concern. | ||
|
|
||
| === How to enable permissive mode |
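Review bot: The two bullets under "When to use permissive mode" read as alternatives, but the second ("You have confirmed the dependency is trustworthy ...") looks like a precondition for the first rather than a separate use case. Say explicitly whether both must hold, and give the reader a concrete way to do that confirmation, since "trustworthy" on its own is not an actionable check. The first bullet also covers a "missing" `Cargo.lock`, which deserves a sentence on how the Rust crates are then handled.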
This sub-heading is not in imperative mood. Please rephrase it to follow the repository style guide.
=== Enable permissive mode
References
- Use imperative mood language. (link)
Closes #586
What this PR does
Adds documentation for enabling the permissive mode in the `prefetch-dependencies` task.
Why
Hermeto runs in strict mode by default, which can cause prefetch failures when a PyPI dependency contains a Rust extension with an outdated `Cargo.lock` file. This is a known limitation that affects real-world use cases.
Changes
- "Enabling permissive mode for `prefetch-dependencies`" section to `modules/building/pages/prefetching-dependencies.adoc`
- `flags` parameter in `prefetch-input`