refactor(reporter): update the TrustSource data model and the reporter
Signed-off-by: Grigory Markin <[email protected]>
gr-markin authored and sschuberth committed Nov 2, 2023
1 parent 91647b2 commit 7c0ca7c
Showing 2 changed files with 72 additions and 36 deletions.
69 changes: 50 additions & 19 deletions plugins/reporters/trustsource/src/main/kotlin/TrustSourceModel.kt
@@ -19,37 +19,68 @@

package org.ossreviewtoolkit.plugins.reporters.trustsource

import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable

import org.ossreviewtoolkit.model.Project

/**
* This class holds information about what dependencies have been "scanned", i.e. information that the ORT analyzer
* (not the ORT scanner) provides.
*/
@Serializable
data class TrustSourceModule(
data class NewScan(
/** Name of the TrustSource module, corresponds to an ORT [Project]. May be customized by the user. */
val module: String,
val moduleId: String,

val dependencies: List<TrustSourceDependency>
/** SCM tag of the module, if known. */
val tag: String = "",
/** SCM branch of the module, if known. */
val branch: String = "",
/** SCM commit hash of the module, if known. */
val commit: String = "",
/** List of the module's dependencies. */
val dependencies: List<Dependency>
)

@Serializable
data class TrustSourceDependency(
val key: String,
data class Dependency(
/** The package manager specific name of the dependency. */
val name: String,
val repoUrl: String,
val homepageUrl: String,
val description: String,
val checksum: String,
val private: Boolean,
val versions: List<String>,

val dependencies: List<TrustSourceDependency>,
val licenses: List<TrustSourceLicense>,
val meta: TrustSourceMeta
/** The Package URL of the dependency. */
val purl: String,
/** List of the dependency's dependencies. */
val dependencies: List<Dependency>,
/** The dependency's description as provided by metadata. */
val description: String = "",
/** Dependency's homepage, may differ from or be the same as [repositoryUrl]. */
val homepageUrl: String = "",
/** Repository with the dependency's source code. */
val repositoryUrl: String = "",
/** A map of "free text" checksum algorithm names and their values. */
val checksum: Map<String, String> = emptyMap(),
/** The list of declared licenses as read from metadata. */
val licenses: List<License> = emptyList(),
/** The TrustSource [Package] for this dependency's source, if available. */
@SerialName("package")
val pkg: Package? = null,
/** Indicates whether the dependency is publicly available in a package management system. */
val private: Boolean = false
)

@Serializable
data class TrustSourceLicense(
data class License(
/** SPDX license identifier / expression. */
val name: String,
val url: String
/** License text URL, if known. */
val url: String = ""
)

@Serializable
class TrustSourceMeta
data class Package(
/** Relative path to the license file within the source code, if available. */
val licenseFile: String = "",
/** Download URL to the source code of the package, e.g. a Maven sources JAR. */
val sourcesUrl: String = "",
/** A map of "free text" checksum algorithm names and their values. */
val sourcesChecksum: Map<String, String> = emptyMap()
)
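Review bot: The KDoc on `private` in `Dependency` states the opposite of what the property name says: it reads "Indicates whether the dependency is publicly available in a package management system", while the flag is named `private` and defaults to `false`. A reader of the model cannot tell which polarity `true` carries, and that matters to any consumer that treats internal and public components differently. I would reword it to `/** Whether the dependency is private, i.e. not publicly available in a package management system. */`. The `purl` KDoc could also say that the version is now carried only there, since `versions` is dropped from the model.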
@@ -42,24 +42,22 @@ class TrustSourceReporter : Reporter {
val outputFile = outputDir.resolve(reportFilename)

val nav = input.ortResult.dependencyNavigator
val modules = input.ortResult.getProjects().map { project ->
val tsModuleDependencies = nav.scopeNames(project)
val scans = input.ortResult.getProjects().map { project ->
val deps = nav.scopeNames(project)
.flatMap { traverseDeps(input, nav.directDependencies(project, it)) }

TrustSourceModule(
NewScan(
module = project.id.name,
moduleId = "${project.id.type}:${project.id.name}",
dependencies = tsModuleDependencies
dependencies = deps
)
}

outputFile.outputStream().use { JSON.encodeToStream(modules, it) }

outputFile.outputStream().use { JSON.encodeToStream(scans, it) }
return listOf(outputFile)
}
}

private fun traverseDeps(input: ReporterInput, deps: Sequence<DependencyNode>): List<TrustSourceDependency> {
private fun traverseDeps(input: ReporterInput, deps: Sequence<DependencyNode>): List<Dependency> {
val tsDeps = deps.map { dep ->
val pkg = input.ortResult.getPackage(dep.id)

@@ -69,27 +67,34 @@ private fun traverseDeps(input: ReporterInput, deps: Sequence<DependencyNode>):
input.ortResult.getPackageLicenseChoices(dep.id),
input.ortResult.getRepositoryLicenseChoices()
)

val licenses = effectiveLicense?.decompose()?.map {
val name = it.toString()
val url = it.getLicenseUrl().orEmpty()

TrustSourceLicense(name, url)
License(name, url)
}

TrustSourceDependency(
key = "${dep.id.type}:${dep.id.name}",
val checksum = pkg?.metadata?.binaryArtifact?.hash?.let { mapOf(it.algorithm.name to it.value) }

val depPkg = pkg?.metadata?.sourceArtifact?.let {
Package(
sourcesUrl = it.url,
sourcesChecksum = mapOf(it.hash.algorithm.name to it.hash.value)
)
}

Dependency(
name = dep.id.name,
repoUrl = pkg?.metadata?.sourceArtifact?.url.orEmpty(),
purl = pkg?.metadata?.purl.orEmpty(),
repositoryUrl = pkg?.metadata?.vcs?.url.orEmpty(),
homepageUrl = pkg?.metadata?.homepageUrl.orEmpty(),
description = pkg?.metadata?.description.orEmpty(),
checksum = "",
private = false,

versions = listOf(dep.id.version),
checksum = checksum.orEmpty(),

dependencies = dep.visitDependencies { traverseDeps(input, it) },
licenses = licenses.orEmpty(),
meta = TrustSourceMeta()
pkg = depPkg
)
}
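Review bot: A dependency for which `input.ortResult.getPackage(dep.id)` returns null is now emitted with only its name: `purl` falls back to `""` through `orEmpty()`, and the `key` and `versions = listOf(dep.id.version)` fields that were built from `dep.id` alone are gone. Such an entry carries no version or ecosystem, so a consumer cannot match it against advisories or license data. A fallback built from `dep.id` would keep the identity, for example `purl = pkg?.metadata?.purl ?: dep.id.toPurl(),` if ORT's `Identifier.toPurl()` helper is usable in this module. Separately, `checksum` and `sourcesChecksum` are filled from `hash.algorithm.name` unconditionally; if ORT represents a missing hash with a placeholder value (not visible here), it would be worth filtering that out so the report does not carry an empty checksum entry. `traverseDeps` continues outside the hunk.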
