feat(component): Add deterministic component fingerprints#47
feat(component): Add deterministic component fingerprints#47dmcilvaney wants to merge 11 commits intomicrosoft:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a new internal fingerprinting utility intended to compute deterministic “component fingerprints” from resolved component configuration plus additional build context.
Changes:
- Introduces
internal/fingerprintpackage withComputeIdentityto produce a SHA256-based fingerprint and an inputs breakdown. - Adds a comprehensive test suite covering many config/input variations.
- Exports
OpenProjectRepoin synthetic history code and addshashstructure/v2dependency.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/fingerprint/fingerprint.go | New fingerprint computation logic (config hashing + overlay file hashing + SHA256 combiner). |
| internal/fingerprint/fingerprint_test.go | New tests asserting determinism and expected sensitivity/insensitivity to various inputs. |
| internal/fingerprint/doc.go | Package documentation for the new fingerprint module. |
| internal/app/azldev/core/sources/synthistory.go | Renames openProjectRepo to exported OpenProjectRepo and updates call site. |
| go.mod | Adds github.com/mitchellh/hashstructure/v2 dependency. |
| go.sum | Adds checksums for the new dependency. |
dmcilvaney
force-pushed
the
damcilva/component_change_detection_parts/5
branch
from
a7d028e to
3fb8df7
Compare
dmcilvaney
force-pushed
the
damcilva/component_change_detection_parts/5
branch
from
3fb8df7 to
759c099
Compare
dmcilvaney
force-pushed
the
damcilva/component_change_detection_parts/5
branch
from
0140c52 to
94e19ff
Compare
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
reubeno
left a comment
reubeno
left a comment
There was a problem hiding this comment.
Apart from the individual comments, my main question... what's your thoughts on how we can ensure that this algorithm stays in sync with the component and overlay definitions as the latter evolve?
| OverlayFileHashes map[string]string `json:"overlayFileHashes,omitempty"` | ||
| // AffectsCommitCount is the number of "Affects: <component>" commits in the project repo. | ||
| AffectsCommitCount int `json:"affectsCommitCount"` | ||
| // Distro is the effective distro name. |
There was a problem hiding this comment.
Why does this need to be tracked?
| func ComputeIdentity( | ||
| fs opctx.FS, | ||
| component projectconfig.ComponentConfig, | ||
| distroRef projectconfig.DistroReference, |
There was a problem hiding this comment.
Is this the distro that the component is being built for or the distro that the component's spec may have come from? Can we document and clarify?
There was a problem hiding this comment.
It should be the effective distro for the component, ie if one is set, pick that, otherwise the global default.
There was a problem hiding this comment.
That said, we can probably drop it to just ReleaseVer, that might be the only bit we really care about.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| "github.com/bmatcuk/doublestar/v4" | ||
| "github.com/brunoga/deep" | ||
| "github.com/microsoft/azure-linux-dev-tools/internal/global/opctx" | ||
| "github.com/microsoft/azure-linux-dev-tools/internal/utils/fileutils" | ||
| ) |
There was a problem hiding this comment.
This file uses filepath.Base and fmt.Errorf, but path/filepath and fmt are not imported in the shown import block. As written, this will not compile. Add the missing imports (and keep them grouped consistently with the existing imports).
| return c.Filename | ||
| } | ||
|
|
||
| return filepath.Base(c.Source) |
There was a problem hiding this comment.
This file uses filepath.Base and fmt.Errorf, but path/filepath and fmt are not imported in the shown import block. As written, this will not compile. Add the missing imports (and keep them grouped consistently with the existing imports).
|
|
||
| contentHash, err := fileutils.ComputeFileHash(fs, fileutils.HashTypeSHA256, c.Source) | ||
| if err != nil { | ||
| return "", fmt.Errorf("hashing overlay source %#q:\n%w", c.Source, err) |
There was a problem hiding this comment.
This file uses filepath.Base and fmt.Errorf, but path/filepath and fmt are not imported in the shown import block. As written, this will not compile. Add the missing imports (and keep them grouped consistently with the existing imports).
| // the config file that defines the overlay. | ||
| Source string `toml:"source,omitempty" json:"source,omitempty" jsonschema:"title=Source,description=For overlays that require a source file as input, indicates a path to that file; relative paths are relative to the config file that defines the overlay"` | ||
| // Excluded from fingerprint because it contains an absolute path that varies by checkout | ||
| // location. Overlay content is hashed separately by [fingerprint.ComputeIdentity]. |
There was a problem hiding this comment.
Similar to SpecSource, the Go doc link [fingerprint.ComputeIdentity] may not resolve from this package/file if fingerprint isn’t an imported identifier here. Consider replacing the bracket-link with plain text or referencing this behavior in internal/fingerprint docs instead.
| // location. Overlay content is hashed separately by [fingerprint.ComputeIdentity]. | |
| // location. Overlay content is hashed separately by the internal fingerprint computation. |
No description provided.