chore: switch to yardstick validate from custom gate.py (#2090)

willmurphyscode · web-flow · commit eeeea9e96d8c · 2024-09-23T14:48:00.000-04:00
* chore: switch to yardstick validate from custom gate.py

Signed-off-by: Will Murphy &lt;willmurphyscode@users.noreply.github.com&gt;

* fix python version to work with new yardstick

Signed-off-by: Will Murphy &lt;willmurphyscode@users.noreply.github.com&gt;

* chore: use yardstick release not branch

Signed-off-by: Will Murphy &lt;willmurphyscode@users.noreply.github.com&gt;

---------

Signed-off-by: Will Murphy &lt;willmurphyscode@users.noreply.github.com&gt;
diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
@@ -8,7 +8,7 @@ inputs:
   python-version:
     description: "Python version to install"
     required: true
-    default: "3.10"
+    default: "3.11"
   go-dependencies:
     description: "Download go dependencies"
     required: true
diff --git a/test/quality/.yardstick.yaml b/test/quality/.yardstick.yaml
@@ -91,6 +91,11 @@ default_max_year: 2021
 result-sets:
   pr_vs_latest_via_sbom:
     description: "latest released grype vs grype from the current build (via SBOM ingestion)"
+    validations:
+      - max-f1-regression: 0.0
+        max-new-false-negatives: 00
+        max-unlabeled-percent: 10
+        max_year: 2021
     matrix:
       images: *images
 
@@ -112,6 +117,7 @@ result-sets:
           # for local build of grype, use for example:
           version: path:../../+import-db=db.tar.gz
           takes: SBOM
+          label: candidate
 
         - name: grype
           # note: we import a static (pinned) DB as to prevent changes in the DB from affecting the results. The
@@ -121,3 +127,4 @@ result-sets:
           # are testing with is not too stale.
           version: latest+import-db=db.tar.gz
           takes: SBOM
+          label: reference
diff --git a/test/quality/Makefile b/test/quality/Makefile
@@ -27,7 +27,7 @@ all: capture validate ## Fetch or capture all data and run all quality checks
 
 .PHONY: validate
 validate: venv $(VULNERABILITY_LABELS)/Makefile ## Run all quality checks against already collected data
-	$(ACTIVATE_VENV) ./gate.py
+	$(ACTIVATE_VENV) yardstick validate -r $(RESULT_SET)
 
 .PHONY: capture
 capture: sboms vulns ## Collect and store all syft and grype results
diff --git a/test/quality/gate.py b/test/quality/gate.py
diff --git a/test/quality/requirements.txt b/test/quality/requirements.txt
@@ -1,3 +1,3 @@
-git+https://github.com/anchore/yardstick@v0.9.1
+git+https://github.com/anchore/yardstick@v0.10.0
 # ../../../yardstick
 tabulate==0.9.0
