Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create SBOM components for yarn-classic packages
After all packages have been pre-fetched successfully, report every downloaded package as a component in the final SBOM. Create the `Component` object from each package based on the package's attributes. Dev packages should have the `cdx:npm:package:development` property, which is added to the component if the package is marked for development, i.e. its `dev` attribute is set to True. Move the rest of the unit test logic to `test_fetch_yarn_source` from its predecessor in the yarn-berry implementation. closes #636 Signed-off-by: Michal Šoltis <[email protected]>
1 parent
ef8f4c2
commit 80297c5
Showing
2 changed files
with
70 additions
and
15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
import itertools | ||
import json | ||
from pathlib import Path | ||
from typing import Any | ||
|
@@ -10,6 +11,7 @@ | |
from cachi2.core.models.output import BuildConfig, EnvironmentVariable, RequestOutput | ||
from cachi2.core.models.sbom import Component | ||
from cachi2.core.package_managers.yarn_classic.main import ( | ||
MIRROR_DIR, | ||
_fetch_dependencies, | ||
_generate_build_environment_variables, | ||
_get_prefetch_environment_variables, | ||
|
@@ -47,19 +49,48 @@ def test_generate_build_environment_variables( | |
|
||
|
||
@pytest.mark.parametrize( | ||
"input_request, components", | ||
[ | ||
"input_request, package_components", | ||
( | ||
pytest.param( | ||
[{"type": "yarn-classic", "path": "."}], | ||
[], | ||
[ | ||
[ | ||
Component( | ||
name="foo", | ||
purl="pkg:npm/[email protected]", | ||
version="1.0.0", | ||
), | ||
Component(name="bar", purl="pkg:npm/[email protected]", version="2.0.0"), | ||
], | ||
], | ||
id="single_input_package", | ||
), | ||
pytest.param( | ||
[{"type": "yarn-classic", "path": "."}, {"type": "yarn-classic", "path": "./path"}], | ||
[], | ||
[ | ||
[ | ||
Component( | ||
name="foo", | ||
purl="pkg:npm/[email protected]", | ||
version="1.0.0", | ||
), | ||
], | ||
[ | ||
Component( | ||
name="bar", | ||
purl="pkg:npm/[email protected]", | ||
version="2.0.0", | ||
), | ||
Component( | ||
name="baz", | ||
purl="pkg:npm/[email protected]", | ||
version="3.0.0", | ||
), | ||
], | ||
], | ||
id="multiple_input_packages", | ||
), | ||
], | ||
), | ||
indirect=["input_request"], | ||
) | ||
@mock.patch("cachi2.core.package_managers.yarn_classic.main._resolve_yarn_project") | ||
|
@@ -68,26 +99,28 @@ def test_fetch_yarn_source( | |
mock_create_project: mock.Mock, | ||
mock_resolve_yarn: mock.Mock, | ||
input_request: Request, | ||
package_components: list[Component], | ||
yarn_classic_env_variables: list[EnvironmentVariable], | ||
components: list[Component], | ||
) -> None: | ||
expected_output = RequestOutput( | ||
components=components, | ||
build_config=BuildConfig(environment_variables=yarn_classic_env_variables), | ||
) | ||
package_dirs = [ | ||
input_request.source_dir.join_within_root(p.path) for p in input_request.packages | ||
] | ||
projects = [_prepare_project(path, {}) for path in package_dirs] | ||
|
||
mock_create_project.side_effect = projects | ||
mock_resolve_yarn.side_effect = package_components | ||
|
||
output = fetch_yarn_source(input_request) | ||
|
||
mock_create_project.assert_has_calls([mock.call(path) for path in package_dirs]) | ||
mock_resolve_yarn.assert_has_calls([mock.call(p, input_request.output_dir) for p in projects]) | ||
|
||
assert input_request.output_dir.join_within_root("deps/yarn-classic").path.exists() | ||
expected_output = RequestOutput( | ||
components=list(itertools.chain.from_iterable(package_components)), | ||
build_config=BuildConfig(environment_variables=yarn_classic_env_variables), | ||
) | ||
assert output == expected_output | ||
assert input_request.output_dir.join_within_root(MIRROR_DIR).path.exists() | ||
|
||
|
||
@mock.patch("cachi2.core.package_managers.yarn_classic.main.resolve_packages") | ||
|
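Review bot: The new parameter annotation `package_components: list[Component]` in the `test_fetch_yarn_source` hunk does not match what the parametrization passes. Each case supplies a list of lists (one inner list per input package), which the test feeds to `mock_resolve_yarn.side_effect` and flattens with `itertools.chain.from_iterable`, so the annotation should read `package_components: list[list[Component]]`. None of the visible cases includes a component carrying the `cdx:npm:package:development` property that the commit description calls out; because `_resolve_yarn_project` is mocked here, that property is presumably exercised by a test not shown on this page, which is worth confirming since it decides how dev dependencies appear in the SBOM. The function's decorators and `def` line begin above this hunk.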