feat(adv): new FSPutter constructor for automatic encode config

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>

Author: luhring

pkg/advisory/fs_putter.go

@@ -10,6 +10,7 @@ import (
 
 	cgaid "github.com/chainguard-dev/advisory-schema/pkg/advisory"
 	v2 "github.com/chainguard-dev/advisory-schema/pkg/advisory/v2"
+	"github.com/chainguard-dev/yam/pkg/util"
 	"github.com/chainguard-dev/yam/pkg/yam/formatted"
 	"github.com/wolfi-dev/wolfictl/pkg/configs/rwfs"
 )
@@ -58,6 +59,33 @@ func NewFSPutter(fsys rwfs.FS, enc DocumentEncoder) *FSPutter {
 	}
 }
 
+// NewFSPutterWithAutomaticEncoder creates and returns a new FSPutter. It
+// determines the encoder configuration by attempting to use the `.yam.yaml`
+// file at the root of the given `fsys`. If none is available, a default
+// configuration is used for the encoder.
+func NewFSPutterWithAutomaticEncoder(fsys rwfs.FS) *FSPutter {
+	// We'll set defaults to be used if we can't open and use the config file.
+	encodeOptions := formatted.EncodeOptions{
+		Indent:         2,
+		GapExpressions: []string{".", ".advisories"},
+	}
+
+	// Best-effort attempt to read the config file. If any we hit any errors, we're
+	// totally fine using the above defaults.
+
+	cfgFile, err := fsys.Open(util.ConfigFileName)
+	if err == nil {
+		defer cfgFile.Close()
+
+		encodeOptionsFromFsys, err := formatted.ReadConfigFrom(cfgFile)
+		if err == nil {
+			encodeOptions = *encodeOptionsFromFsys
+		}
+	}
+
+	return NewFSPutter(fsys, NewYamDocumentEncoder(encodeOptions))
+}
+
 func (p FSPutter) Upsert(_ context.Context, request Request) (string, error) {
 	if request.Package == "" {
 		return "", ErrEmptyPackage

pkg/advisory/fs_putter_test.go

@@ -159,3 +159,47 @@ func TestFSPutter_Upsert(t *testing.T) {
 		})
 	}
 }
+
+func TestNewFSPutterWithAutomaticEncoder(t *testing.T) {
+	cases := []string{
+		"with-config-file",
+		"without-config-file",
+	}
+
+	testTime := v2.Timestamp(time.Date(2025, 3, 11, 2, 40, 18, 0, time.UTC))
+
+	for _, tt := range cases {
+		t.Run(tt, func(t *testing.T) {
+			ctx := t.Context()
+			testDir := filepath.Join("testdata", "fs_putter", "automatic-encoder", tt)
+
+			fsys, err := testerfs.New(os.DirFS(testDir))
+			require.NoError(t, err, "creating test filesystem")
+
+			p := NewFSPutterWithAutomaticEncoder(fsys) // (we want to test this constructor specifically)
+			require.NotNil(t, p, "creating FSPutter")
+
+			req := Request{
+				Package:    "foo",
+				AdvisoryID: "CGA-xvg9-g29c-rr68",
+				Event: v2.Event{
+					Timestamp: testTime,
+					Type:      v2.EventTypeFixed,
+					Data: v2.Fixed{
+						FixedVersion: "1.2.3-r4",
+					},
+				},
+			}
+
+			// We're upserting just so that we can see if `NewFSPutterWithAutomaticEncoder`
+			// set up the encoder correctly (when YAML data is written to the filesystem).
+
+			_, err = p.Upsert(ctx, req)
+			require.NoError(t, err, "upserting advisory data")
+
+			if diff := fsys.DiffAll(); diff != "" {
+				t.Errorf("filesystem in an unexpected state (-want +got):\n%s", diff)
+			}
+		})
+	}
+}

pkg/advisory/testdata/fs_putter/automatic-encoder/with-config-file/.yam.yaml

@@ -0,0 +1,3 @@
+gap:
+  - ".advisories[].aliases"
+indent: 2

pkg/advisory/testdata/fs_putter/automatic-encoder/with-config-file/_expected.yam.yaml

@@ -0,0 +1,3 @@
+gap:
+  - ".advisories[].aliases"
+indent: 2

pkg/advisory/testdata/fs_putter/automatic-encoder/with-config-file/foo.advisories.yaml

@@ -0,0 +1,16 @@
+schema-version: 2.0.2
+
+package:
+  name: foo
+
+advisories:
+  - id: CGA-xvg9-g29c-rr68
+    aliases:
+      - CVE-2016-7075
+      - GHSA-7w66-j2r2-vm3
+    events:
+      - timestamp: 2025-03-10T17:55:22Z
+        type: false-positive-determination
+        data:
+          type: component-vulnerability-mismatch
+          note: Vulnerability only impacts OpenShift

pkg/advisory/testdata/fs_putter/automatic-encoder/with-config-file/foo_expected.advisories.yaml

@@ -0,0 +1,19 @@
+schema-version: 2.0.2
+package:
+  name: foo
+advisories:
+  - id: CGA-xvg9-g29c-rr68
+    aliases:
+      - CVE-2016-7075
+
+      - GHSA-7w66-j2r2-vm3
+    events:
+      - timestamp: 2025-03-10T17:55:22Z
+        type: false-positive-determination
+        data:
+          type: component-vulnerability-mismatch
+          note: Vulnerability only impacts OpenShift
+      - timestamp: 2025-03-11T02:40:18Z
+        type: fixed
+        data:
+          fixed-version: 1.2.3-r4

pkg/advisory/testdata/fs_putter/automatic-encoder/without-config-file/foo.advisories.yaml

@@ -0,0 +1,14 @@
+schema-version: 2.0.2
+package:
+  name: foo
+advisories:
+  - id: CGA-xvg9-g29c-rr68
+    aliases:
+      - CVE-2016-7075
+      - GHSA-7w66-j2r2-vm3
+    events:
+      - timestamp: 2025-03-10T17:55:22Z
+        type: false-positive-determination
+        data:
+          type: component-vulnerability-mismatch
+          note: Vulnerability only impacts OpenShift

pkg/advisory/testdata/fs_putter/automatic-encoder/without-config-file/foo_expected.advisories.yaml

@@ -0,0 +1,20 @@
+schema-version: 2.0.2
+
+package:
+  name: foo
+
+advisories:
+  - id: CGA-xvg9-g29c-rr68
+    aliases:
+      - CVE-2016-7075
+      - GHSA-7w66-j2r2-vm3
+    events:
+      - timestamp: 2025-03-10T17:55:22Z
+        type: false-positive-determination
+        data:
+          type: component-vulnerability-mismatch
+          note: Vulnerability only impacts OpenShift
+      - timestamp: 2025-03-11T02:40:18Z
+        type: fixed
+        data:
+          fixed-version: 1.2.3-r4