
feat(swiftpm): Add missing package references to the lockfile analysis
Dependencies should always be (transitively) linked to projects. When
analyzing only a lockfile, no dependency tree information is
available. So all dependencies are simply regarded as direct
dependencies of the project, which is the only option available.

Fixes #8234.

Signed-off-by: Frank Viernau <[email protected]>
fviernau committed Feb 7, 2024
1 parent 487bf92 commit ceb7e84
Showing 4 changed files with 25 additions and 3 deletions.
Expand Up @@ -15,6 +15,14 @@ project:
revision: "<REPLACE_REVISION>"
path: "<REPLACE_PATH>"
homepage_url: ""
scopes:
- name: "dependencies"
dependencies:
- id: "Swift::github.com/apple/swift-argument-parser:0.2.0"
- id: "Swift::github.com/apple/swift-crypto:"
- id: "Swift::github.com/apple/swift-llbuild:9.0.8"
- id: "Swift::github.com/braze-inc/braze-ios-sdk:branch-master"
- id: "Swift::github.com/grpc/grpc-swift:revision-efb67a324eaf1696b50e66bc471a53690e41fbf6"
packages:
- id: "Swift::github.com/apple/swift-argument-parser:0.2.0"
purl: "pkg:swift/github.com%2Fapple%[email protected]"
Expand Up @@ -15,6 +15,10 @@ project:
revision: "<REPLACE_REVISION>"
path: "<REPLACE_PATH>"
homepage_url: ""
scopes:
- name: "dependencies"
dependencies:
- id: "Swift::github.com/alamofire/alamofire:5.4.4"
packages:
- id: "Swift::github.com/alamofire/alamofire:5.4.4"
purl: "pkg:swift/github.com%2Falamofire%[email protected]"
Expand Up @@ -15,6 +15,7 @@ project:
revision: "<REPLACE_REVISION>"
path: "<REPLACE_PATH>"
homepage_url: ""
scopes: []
packages: []
issues:
- timestamp: "1970-01-01T00:00:00Z"
15 changes: 12 additions & 3 deletions plugins/package-managers/swiftpm/src/main/kotlin/SwiftPm.kt
Expand Up @@ -28,6 +28,7 @@ import org.ossreviewtoolkit.downloader.VersionControlSystem
import org.ossreviewtoolkit.model.Identifier
import org.ossreviewtoolkit.model.Issue
import org.ossreviewtoolkit.model.Package
import org.ossreviewtoolkit.model.PackageLinkage
import org.ossreviewtoolkit.model.PackageReference
import org.ossreviewtoolkit.model.Project
import org.ossreviewtoolkit.model.ProjectAnalyzerResult
Expand Down Expand Up @@ -94,15 +95,23 @@ class SwiftPm(
*/
private fun resolveLockfileDependencies(packageResolvedFile: File): List<ProjectAnalyzerResult> {
val issues = mutableListOf<Issue>()
val packages = mutableSetOf<Package>()
val scopeDependencies = mutableSetOf<Scope>()

val pins = parseLockfile(packageResolvedFile).onFailure {
parseLockfile(packageResolvedFile).onSuccess { pins ->
pins.mapTo(packages) { it.toPackage() }
scopeDependencies += Scope(
name = DEPENDENCIES_SCOPE_NAME,
dependencies = packages.mapTo(mutableSetOf()) { it.toReference(linkage = PackageLinkage.DYNAMIC) }
)
}.onFailure {
issues += Issue(source = managerName, message = it.message.orEmpty())
}.getOrDefault(emptySet())

return listOf(
ProjectAnalyzerResult(
project = projectFromDefinitionFile(packageResolvedFile, emptySet()),
packages = pins.mapTo(mutableSetOf()) { it.toPackage() },
project = projectFromDefinitionFile(packageResolvedFile, scopeDependencies),
packages = packages,
issues = issues
)
)
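Review bot: The scope built with `scopeDependencies += Scope(...)` hard-codes `PackageLinkage.DYNAMIC` and flattens every pin into a direct dependency, but nothing in the code says why; the rationale lives only in the commit message. I would add above that line `// Package.resolved carries no dependency graph, so every pin is modelled as a direct dependency of the project.` plus a word on why DYNAMIC was chosen, since SwiftPM products are, as far as I know, often linked statically. The references also inherit the package identifier verbatim, so a pin with neither a version nor a revision becomes a reference with an empty version (the first fixture shows `Swift::github.com/apple/swift-crypto:`), which downstream advisory and license matching cannot pin to a release — recording an `Issue` for such pins would make that visible, though the mapping is in `toPackage()`, outside this hunk. A successful parse of an empty lockfile still yields a `dependencies` scope with no entries while a parse failure yields no scope at all; if that asymmetry is unintended, guarding the `scopeDependencies +=` with `if (packages.isNotEmpty())` aligns the two. The function's closing brace lies outside the hunk.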
