Skip to content

refactor: change UUID package to context-based implementation #9686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

refactor: change UUID package to context-based implementation #9686

wants to merge 1 commit into from

Conversation

@knqyf263
Copy link
Collaborator

Description

Refactored UUID generation to use context-based approach, similar to the clock package implementation. The previous implementation was not thread-safe, so this change passes context.Context to UUID generation functions to enable deterministic UUID generation in tests while maintaining thread safety.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@knqyf263
refactor: change UUID package to context-based implementation
687e100 
- Replaced global SetFakeUUID with context-based UUID generation
- Added With(ctx, format) to create context with fake UUID generator
- Updated New() to accept context parameter
- Added AddComponentWithContext to BOM for context-aware component creation
- Updated all production and test code to use new context-based API
- Thread-safe implementation with mutex-protected counter for tests
@knqyf263 knqyf263 self-assigned this Oct 17, 2025
@knqyf263 knqyf263 added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Oct 17, 2025
@github-actions github-actions bot added the apidiff Indicates Go API changes relevant to library consumers (CLI compatibility may be unaffected) label Oct 17, 2025
@github-actions
Copy link

📊 API Changes Detected

Semver impact: major

github.com/aquasecurity/trivy/pkg/sbom/io
  Incompatible changes:
  - (*Encoder).Encode: changed from func(github.com/aquasecurity/trivy/pkg/types.Report) (*github.com/aquasecurity/trivy/pkg/sbom/core.BOM, error) to func(context.Context, github.com/aquasecurity/trivy/pkg/types.Report) (*github.com/aquasecurity/trivy/pkg/sbom/core.BOM, error)

github.com/aquasecurity/trivy/pkg/uuid
  Incompatible changes:
  - New: changed from func() UUID to func(context.Context) UUID
  - SetFakeUUID: removed
  Compatible changes:
  - With: added

github.com/aquasecurity/trivy/pkg/sbom/core
  Incompatible changes:
  - (*BOM).AddComponent: changed from func(*Component) to func(context.Context, *Component)
  - (*BOM).AddRelationship: changed from func(*Component, *Component, RelationshipType) to func(context.Context, *Component, *Component, RelationshipType)
  - (*BOM).AddVulnerabilities: changed from func(*Component, []Vulnerability) to func(context.Context, *Component, []Vulnerability)

github.com/aquasecurity/trivy/pkg/sbom/spdx
  Incompatible changes:
  - github.com/aquasecurity/trivy/pkg/sbom/core.(*BOM).AddComponent: changed from func(*github.com/aquasecurity/trivy/pkg/sbom/core.Component) to func(context.Context, *github.com/aquasecurity/trivy/pkg/sbom/core.Component)
  - github.com/aquasecurity/trivy/pkg/sbom/core.(*BOM).AddRelationship: changed from func(*github.com/aquasecurity/trivy/pkg/sbom/core.Component, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, github.com/aquasecurity/trivy/pkg/sbom/core.RelationshipType) to func(context.Context, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, github.com/aquasecurity/trivy/pkg/sbom/core.RelationshipType)
  - github.com/aquasecurity/trivy/pkg/sbom/core.(*BOM).AddVulnerabilities: changed from func(*github.com/aquasecurity/trivy/pkg/sbom/core.Component, []github.com/aquasecurity/trivy/pkg/sbom/core.Vulnerability) to func(context.Context, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, []github.com/aquasecurity/trivy/pkg/sbom/core.Vulnerability)

github.com/aquasecurity/trivy/pkg/sbom/cyclonedx
  Incompatible changes:
  - github.com/aquasecurity/trivy/pkg/sbom/core.(*BOM).AddComponent: changed from func(*github.com/aquasecurity/trivy/pkg/sbom/core.Component) to func(context.Context, *github.com/aquasecurity/trivy/pkg/sbom/core.Component)
  - github.com/aquasecurity/trivy/pkg/sbom/core.(*BOM).AddRelationship: changed from func(*github.com/aquasecurity/trivy/pkg/sbom/core.Component, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, github.com/aquasecurity/trivy/pkg/sbom/core.RelationshipType) to func(context.Context, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, github.com/aquasecurity/trivy/pkg/sbom/core.RelationshipType)
  - github.com/aquasecurity/trivy/pkg/sbom/core.(*BOM).AddVulnerabilities: changed from func(*github.com/aquasecurity/trivy/pkg/sbom/core.Component, []github.com/aquasecurity/trivy/pkg/sbom/core.Vulnerability) to func(context.Context, *github.com/aquasecurity/trivy/pkg/sbom/core.Component, []github.com/aquasecurity/trivy/pkg/sbom/core.Vulnerability)

@aqua-bot aqua-bot requested a review from a team October 17, 2025 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@afdesk afdesk Awaiting requested review from afdesk afdesk will be requested when the pull request is marked ready for review afdesk is a code owner

@simar7 simar7 Awaiting requested review from simar7 simar7 will be requested when the pull request is marked ready for review simar7 is a code owner

@DmitriyLewen DmitriyLewen Awaiting requested review from DmitriyLewen DmitriyLewen will be requested when the pull request is marked ready for review DmitriyLewen is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@knqyf263 knqyf263

Labels

apidiff Indicates Go API changes relevant to library consumers (CLI compatibility may be unaffected) kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@knqyf263