Skip to content

models: Silence CodeQL complaints about missing @classmethod decorators #1149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
eskultety merged 1 commit into from
Oct 10, 2025
Merged

models: Silence CodeQL complaints about missing @classmethod decorators #1149

eskultety merged 1 commit into from
Oct 10, 2025

Conversation

@eskultety
Copy link
Member

@eskultety eskultety commented Oct 10, 2025

CodeQL started to randomly complain that we use an unusual denominator 'cls' for model methods without being marked as classmethods explicitly. These complaints are annoying but the truth is we weren't exactly following Pydantic's official documentation where they declare validators like this in the examples [1]

[1] https://docs.pydantic.dev/latest/concepts/validators/

Resolves #1147

@coderabbitai
Copy link

coderabbitai bot commented Oct 10, 2025
edited
Loading

📝 Walkthrough

Walkthrough

Added @classmethod decorators to multiple Pydantic field and model validators across input, output, SBOM, RPM, and Yarn workspace modules; no changes to validator logic or control flow.

Changes

Cohort / File(s) Summary of Changes
Input model validators
hermeto/core/models/input.py		 Converted several Pydantic validators to classmethods: _PackageInputBase._path_is_relative, PipPackageInput._no_explicit_none, PipPackageInput._requirements_file_path_is_relative, ExtraOptions._validate_dnf_options (occurrences), Request._unique_packages, Request._check_packages_paths, Request._deprecation_warning, Request._packages_not_empty. No logic changes.
Output model validators
hermeto/core/models/output.py		 Converted BuildConfig._unique_env_vars and BuildConfig._unique_project_files to classmethods. No logic changes.
SBOM model validators
hermeto/core/models/sbom.py		 Converted validators to classmethods: Component._add_found_by_property, Sbom._unique_components, SPDXPackage._purls_validation, SPDXSbom._unique_packages. No logic changes.
RPM lock validators
hermeto/core/package_managers/rpm/redhat.py		 Added @classmethod to RedhatRpmsLock._version_redhat and RedhatRpmsLock._vendor_redhat. Signatures/behavior unchanged.
Yarn workspace validator
hermeto/core/package_managers/yarn_classic/workspaces.py		 Converted Workspace._ensure_package_is_named (validator on package_json) to a @classmethod. No logic changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Description Check ⚠️ Warning The PR description does not include the required maintainers checklist from the repository’s template, and it lacks explicit confirmation of items such as commit message quality, test coverage, and documentation updates which are specified by the template. Please include the repository’s template checklist in the description by adding the maintainer items for commit message clarity, test coverage validation, and documentation updates, ensuring each checkbox is addressed or marked as completed.
Docstring Coverage ⚠️ Warning Docstring coverage is 72.73% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (3 passed)
Check name Status Explanation
Title Check ✅ Passed The title clearly summarizes the primary change of silencing CodeQL complaints by adding missing @classmethod decorators to model methods without listing specific files, making it both concise and descriptive for a quick scan of the history.
Linked Issues Check ✅ Passed The PR decorates every method named with a 'cls' first parameter across the specified modules with @classmethod, thereby fulfilling the issue’s requirements to align method signatures with CodeQL expectations and silence the related warnings.
Out of Scope Changes Check ✅ Passed All changes in the pull request consist solely of adding @classmethod decorators to methods with a 'cls' parameter, and no unrelated code, formatting, or feature adjustments are present beyond the scope of silencing CodeQL warnings.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4138875 and 5e33fc6.

📒 Files selected for processing (5)
  • hermeto/core/models/input.py (7 hunks)
  • hermeto/core/models/output.py (1 hunks)
  • hermeto/core/models/sbom.py (4 hunks)
  • hermeto/core/package_managers/rpm/redhat.py (1 hunks)
  • hermeto/core/package_managers/yarn_classic/workspaces.py (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
  • hermeto/core/models/input.py
  • hermeto/core/models/output.py
  • hermeto/core/models/sbom.py
🧰 Additional context used
🪛 Ruff (0.13.3)
hermeto/core/package_managers/rpm/redhat.py

76-76: Avoid specifying long messages outside the exception class

(TRY003)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Build container image and run integration tests on it
🔇 Additional comments (3)
hermeto/core/package_managers/yarn_classic/workspaces.py (1)

27-32: LGTM: Correctly aligns Pydantic field validator with @classmethod decorator.

The addition of @classmethod makes the intent explicit and resolves the CodeQL warning. The decorator order (field validator first, then classmethod) is correct for Pydantic v2, and the method signature already used cls as the first parameter.

hermeto/core/package_managers/rpm/redhat.py (2)

71-77: LGTM: Correctly aligns Pydantic field validator with @classmethod decorator.

The addition of @classmethod to the _version_redhat validator makes the intent explicit and resolves the CodeQL warning. The decorator order and method signature are correct for Pydantic v2.

79-85: LGTM: Correctly aligns Pydantic field validator with @classmethod decorator.

The addition of @classmethod to the _vendor_redhat validator makes the intent explicit and resolves the CodeQL warning. The decorator order and method signature are correct for Pydantic v2.

Note: The static analysis hint about TRY003 on line 76 is a pre-existing style suggestion unrelated to this PR's changes.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@eskultety eskultety force-pushed the hermeto-codeql-models branch from 0695520 to 4138875 Compare October 10, 2025 08:48
@slimreaper35
Copy link
Member

slimreaper35 commented Oct 10, 2025

I see a couple of more cases (unless we don't want to touch rpm)

@eskultety
models: Silence CodeQL complaints about missing @classmethod decorators
5e33fc6 
CodeQL started to randomly complain that we use an unusual denominator
'cls' for model methods without being marked as classmethods
explicitly. These complaints are annoying but the truth is we weren't
exactly following Pydantic's official documentation where they declare
validators like this in the examples [1]

[1] https://docs.pydantic.dev/latest/concepts/validators/

Resolves hermetoproject#1147

Signed-off-by: Erik Skultety <eskultet@redhat.com>
@eskultety eskultety force-pushed the hermeto-codeql-models branch from 4138875 to 5e33fc6 Compare October 10, 2025 09:29
@eskultety
Copy link
Member Author

eskultety commented Oct 10, 2025

I see a couple of more cases (unless we don't want to touch rpm)

* https://github.com/hermetoproject/hermeto/blob/main/hermeto/core/package_managers/yarn_classic/workspaces.py#L27

* https://github.com/hermetoproject/hermeto/blob/main/hermeto/core/package_managers/rpm/redhat.py

Sigh, fixed.

@eskultety eskultety mentioned this pull request Oct 10, 2025
Merged
4 tasks
@a-ovchinnikov
Copy link
Contributor

a-ovchinnikov commented Oct 10, 2025

To be fair the docs ask for a callable, looks like a @staticmethod could have mostly worked as well since cls is used only in SPDX (and IIRC it is used to call a static method anyway).

@eskultety eskultety added this pull request to the merge queue Oct 10, 2025
Merged via the queue into hermetoproject:main with commit 86a76ce Oct 10, 2025
13 checks passed
@eskultety eskultety deleted the hermeto-codeql-models branch October 10, 2025 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@a-ovchinnikov a-ovchinnikov a-ovchinnikov approved these changes

@slimreaper35 slimreaper35 slimreaper35 approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Decorate class methods with a decorator

3 participants

@eskultety @slimreaper35 @a-ovchinnikov