cve_corrector: fix devtool finish failures #20

Open
danielturull wants to merge 5 commits into main from fix/incremental

@danielturull

Contributor

Summary

Two fixes for devtool finish failures observed during CVE backporting:

  1. Detached HEAD check — devtool finish commits into the target meta-layer, which requires HEAD to be on a branch. Add a pre-flight check that raises GitError with an actionable message instead of a cryptic failure at exit code 7.

  2. Reset modified tracked files — After devtool build, autotools-regenerated files (Makefile.in, etc.) dirty the working tree. devtool finish -f proceeds past the warning but crashes with FileNotFoundError when exporting files to a temp dir missing parent subdirectories. Add git checkout . to restore tracked files before finish.

Testing

  • Added tests/corrector/test_ensure_layer_branch.py with tests for both on-branch and detached HEAD scenarios
  • All CI passes: ruff, mypy, pytest (647 passed, 73.86% coverage)

- Add _merge_results() to preserve data from inactive sources when
  reprocessing CVEs incrementally, deduplicating by hash/url and
  combining source strings
- Add _accumulate_stats() to correctly count per-source statistics
  for both skipped and reprocessed entries
- Add retry with exponential backoff to Ubuntu API client, handling
  429 rate-limiting and transient failures (3 attempts, configurable
  base delay)
- Refactor extract_from_ubuntu_response() to use shared _process_url()
  helper, removing duplicated hash/PR extraction logic
- Add tests for retry exhaustion and 429 recovery

Assisted-by: kiro, claude-opus-4.6
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>

…inish

devtool finish commits into the target meta-layer, which requires HEAD
to be on a branch. A detached HEAD causes a cryptic 'Git operation
failed' error (exit 7) at the end of the workflow.

Add _ensure_layer_branch() pre-flight check that runs before devtool
finish and raises GitError with an actionable message telling the user
to checkout a branch.

Assisted-by: Kiro, claude-opus-4.6
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>

After 'devtool build', autotools-regenerated files (Makefile.in, etc.)
are left modified in the workspace working tree. devtool finish -f
proceeds past the 'not clean' warning but then crashes with
FileNotFoundError when _export_local_files tries to copy these files
into a temp directory that lacks the parent subdirectory structure.

Add 'git checkout .' after 'git clean -fdx' to restore tracked files
to their committed state. The actual CVE fix is already committed on
the devtool branch, so this only discards build artifacts.

Assisted-by: Kiro, claude-opus-4.6
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>

CVE_TOOLS_DATA_DIR was already honoured via data_dir() for tool-specific
paths but debian_tracker_dir, cvelistv5_dir, and nvd_dir fell back to
XDG_DATA_HOME, ignoring the override.

Check CVE_TOOLS_DATA_DIR before XDG_DATA_HOME so all data paths respect
the same environment variable.

Assisted-by: Kiro:claude-sonnet-4.6
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>

When the AI agent resolves conflicts, it sometimes replaces the original
upstream commit message body with backport notes instead of appending
them after it.

amend_commit_with_summary() now detects this case by checking whether
the first non-blank body line starts with a known backport note marker
(Backport Resolution:, Backport changes:, etc.). If so, it fetches the
original subject and body from the upstream SHA and reconstructs the
message: original content first, then the AI notes, then the summary.

Also update AGENT_INSTRUCTIONS.md to explicitly instruct the AI to
preserve the original MERGE_MSG content and only append notes after it.

Assisted-by: Kiro:claude-sonnet-4.6
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
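
The message reconstruction described in the last commit message above, sketched as an added example that is not the project's code. The function names are hypothetical, the upstream subject and body are passed in rather than fetched from the upstream SHA, and only the two markers the commit message names are listed.

```python
# Added illustration; every name here is hypothetical, not the project's code.
# Only the two markers named in the commit message are listed.
BACKPORT_MARKERS = ("Backport Resolution:", "Backport changes:")


def split_message(message: str) -> tuple[str, str]:
    """Split a commit message into (subject, body)."""
    subject, _, body = message.strip().partition("\n")
    return subject.strip(), body.strip()


def body_was_replaced(message: str) -> bool:
    """True when the first non-blank body line starts with a backport marker."""
    _, body = split_message(message)
    for line in body.splitlines():
        if line.strip():
            return line.lstrip().startswith(BACKPORT_MARKERS)
    return False  # subject-only message: nothing was replaced


def rebuild_message(current: str, upstream_subject: str, upstream_body: str,
                    summary: str) -> str:
    """Return original content first, then the AI notes, then the summary.

    upstream_subject and upstream_body stand in for what would be read from
    the upstream SHA; they are arguments so the example runs offline.
    """
    if not body_was_replaced(current):
        # Original body is intact: only append the summary.
        return f"{current.strip()}\n\n{summary.strip()}\n"
    _, notes = split_message(current)
    parts = [upstream_subject.strip(), upstream_body.strip(), notes, summary.strip()]
    return "\n\n".join(p for p in parts if p) + "\n"


# Constructed sample data (not taken from any real commit).
UPSTREAM_SUBJECT = "parser: reject oversized length field"
UPSTREAM_BODY = "A length larger than the buffer was accepted.\n\nReject it early."
AGENT_MESSAGE = (
    "parser: reject oversized length field\n\n"
    "Backport Resolution:\n- adjusted context in parse.c for the older API\n"
)
SUMMARY = "Backport summary: 1 conflict resolved"

if __name__ == "__main__":
    print(rebuild_message(AGENT_MESSAGE, UPSTREAM_SUBJECT, UPSTREAM_BODY, SUMMARY))
```
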