Add validation for all go.sum files in workspace

Signed-off-by: ejegrova <[email protected]>
containerbuildsystem · Mar 12, 2024 · fee8f1e · fee8f1e
1 parent f716953
commit fee8f1e
Showing 1 changed file with 27 additions and 10 deletions.
diff --git a/cachi2/core/package_managers/gomod.py b/cachi2/core/package_managers/gomod.py
@@ -734,7 +734,6 @@ def _resolve_gomod(
     :raises PackageManagerError: if fetching dependencies fails
     """
     _protect_against_symlinks(app_dir)
-    modules_in_go_sum = _parse_go_sum(app_dir)
 
     config = get_config()
 
@@ -824,6 +823,11 @@ def _resolve_gomod(
     except NameError:
         raise PackageManagerError(f"Main module not found, it should have been at {app_dir.path}.")
 
+    raw_main_module = module_list.pop(0)
+    main_module_name = raw_main_module["Path"]
+    module_list_paths = [RootedPath(module["Dir"]) for module in module_list]
+    modules_in_go_sum = _parse_go_sum_files(app_dir, module_list_paths)
+
     def get_relative_path_workspace_to_main_module(path1: Path, path2: Path) -> str:
         """Return relative path from workspace module to main module."""
         if not path2.is_relative_to(app_dir.root):
@@ -881,20 +885,33 @@ def go_list_deps(pattern: Literal["./...", "all"]) -> Iterator[ParsedPackage]:
     return ResolvedGoModule(main_module, all_modules, all_packages, modules_in_go_sum)
 
 
-def _parse_go_sum(module_dir: RootedPath) -> frozenset[ModuleID]:
+def _parse_go_sum_files(
+    app_dir: RootedPath, module_dir_list: list[RootedPath]
+) -> frozenset[ModuleID]:
+
+    go_sum_files_list = [RootedPath(app_dir.root).join_within_root("go.work.sum")]
+    go_sum_files_list.extend(
+        [module_dir.join_within_root("go.sum") for module_dir in module_dir_list]
+    )
+
+    modules: list[ModuleID] = []
+    for go_sum_file in go_sum_files_list:
+        if not go_sum_file.path.exists():
+            continue
+        modules.extend(_parse_go_sum(go_sum_file))
+
+    return frozenset(modules)
+
+
+def _parse_go_sum(go_sum_file: RootedPath) -> list[tuple[str, str]]:
     """Return the set of modules present in the go.sum file in the specified directory.
 
     A module is considered present if the checksum for its .zip file is present. The go.mod file
     checksums are not relevant for our purposes.
     """
-    go_sum = module_dir.join_within_root("go.sum")
-    if not go_sum.path.exists():
-        return frozenset()
-
     modules: list[ModuleID] = []
-
     # https://github.com/golang/go/blob/d5c5808534f0ad97333b1fd5fff81998f44986fe/src/cmd/go/internal/modfetch/fetch.go#L507-L534
-    lines = go_sum.path.read_text().splitlines()
+    lines = go_sum_file.path.read_text().splitlines()
     for i, go_sum_line in enumerate(lines):
         parts = go_sum_line.split()
         if not parts:
@@ -905,7 +922,7 @@ def _parse_go_sum(module_dir: RootedPath) -> frozenset[ModuleID]:
             #   of go.sum for checksum verification
             log.warning(
                 "%s:%d: malformed line, skipping the rest of the file: %r",
-                go_sum.subpath_from_root,
+                go_sum_file.subpath_from_root,
                 i + 1,
                 go_sum_line,
             )
@@ -917,7 +934,7 @@ def _parse_go_sum(module_dir: RootedPath) -> frozenset[ModuleID]:
 
         modules.append((name, version))
 
-    return frozenset(modules)
+    return modules
 
 
 def _deduplicate_resolved_modules(