yarn-v1: Create SBOM components from packages
After a successful pre-fetching of all packages, report all downloaded packages as components in the final SBOM. Create the `Component` object from each package based on package attributes. Dev packages should have the `cdx:npm:package:development` property, which is added to the component when the package is marked for development, i.e. its `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in yarn-berry implementation. Signed-off-by: Michal Šoltis <[email protected]>
1 parent
dadbe27
commit 577c09b
Showing
2 changed files
with
67 additions
and
13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
import itertools | ||
import json | ||
from pathlib import Path | ||
from typing import Any, Iterable | ||
|
@@ -54,19 +55,48 @@ def test_generate_build_environment_variables( | |
|
||
|
||
@pytest.mark.parametrize( | ||
"input_request, components", | ||
[ | ||
"input_request, package_components", | ||
( | ||
pytest.param( | ||
[{"type": "yarn", "path": "."}], | ||
[], | ||
[ | ||
[ | ||
Component( | ||
name="foo", | ||
purl="pkg:npm/[email protected]", | ||
version="1.0.0", | ||
), | ||
Component(name="bar", purl="pkg:npm/[email protected]", version="2.0.0"), | ||
], | ||
], | ||
id="single_input_package", | ||
), | ||
pytest.param( | ||
[{"type": "yarn", "path": "."}, {"type": "yarn", "path": "./path"}], | ||
[], | ||
[ | ||
[ | ||
Component( | ||
name="foo", | ||
purl="pkg:npm/[email protected]", | ||
version="1.0.0", | ||
), | ||
], | ||
[ | ||
Component( | ||
name="bar", | ||
purl="pkg:npm/[email protected]", | ||
version="2.0.0", | ||
), | ||
Component( | ||
name="baz", | ||
purl="pkg:npm/[email protected]", | ||
version="3.0.0", | ||
), | ||
], | ||
], | ||
id="multiple_input_packages", | ||
), | ||
], | ||
), | ||
indirect=["input_request"], | ||
) | ||
@mock.patch("cachi2.core.package_managers.yarn_classic.main._resolve_yarn_project") | ||
|
@@ -75,26 +105,28 @@ def test_fetch_yarn_source( | |
mock_create_project: mock.Mock, | ||
mock_resolve_yarn: mock.Mock, | ||
input_request: Request, | ||
package_components: list[Component], | ||
yarn_classic_env_variables: list[EnvironmentVariable], | ||
components: list[Component], | ||
) -> None: | ||
expected_output = RequestOutput( | ||
components=components, | ||
build_config=BuildConfig(environment_variables=yarn_classic_env_variables), | ||
) | ||
package_dirs = [ | ||
input_request.source_dir.join_within_root(p.path) for p in input_request.packages | ||
] | ||
projects = [_prepare_project(path, {}) for path in package_dirs] | ||
|
||
mock_create_project.side_effect = projects | ||
mock_resolve_yarn.side_effect = package_components | ||
|
||
output = fetch_yarn_source(input_request) | ||
|
||
mock_create_project.assert_has_calls([mock.call(path) for path in package_dirs]) | ||
mock_resolve_yarn.assert_has_calls([mock.call(p, input_request.output_dir) for p in projects]) | ||
|
||
assert input_request.output_dir.join_within_root("deps/yarn-classic").path.exists() | ||
expected_output = RequestOutput( | ||
components=list(itertools.chain.from_iterable(package_components)), | ||
build_config=BuildConfig(environment_variables=yarn_classic_env_variables), | ||
) | ||
assert output == expected_output | ||
assert input_request.output_dir.join_within_root(MIRROR_DIR).path.exists() | ||
|
||
|
||
@mock.patch("cachi2.core.package_managers.yarn_classic.main.resolve_packages") | ||
|
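Review bot: The `package_components: list[Component]` annotation in the `test_fetch_yarn_source` signature does not match what the parametrization passes. Each case is a list of per-package lists, which is why it can be assigned to `mock_resolve_yarn.side_effect` and flattened with `itertools.chain.from_iterable`, so it should read `package_components: list[list[Component]]`. `assert_has_calls` also passes if the resolver is called more often than expected, so for a test that pins the SBOM contents I would add `assert mock_resolve_yarn.call_count == len(projects)`. None of the visible cases carries the `cdx:npm:package:development` property the commit message describes; because `_resolve_yarn_project` is mocked here that may be covered by another test, but it is worth confirming that a dev component appears in some expected output. The function's `def` line and first parameters sit outside the hunk.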