actions/component-detection-dependency-submission-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #4 from actions/weekly-sync-branch-15774881579

Browse Source 
Sync Fork with Upstream
This commit is contained in:
Lewis Jones
2025-06-20 09:40:55 +01:00
committed by GitHub
parent ef571d5a84 67f3292117
commit 466989c808
5 changed files with 218 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
componentDetection.test.ts
View File

@@ -68,3 +68,114 @@ describe("ComponentDetection.makePackageUrl", () => {
expect(packageUrl).toBe("");
});
});
describe("ComponentDetection.processComponentsToManifests", () => {
test("adds package as direct dependency when no top level referrers", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - npm"
},
isDevelopmentDependency: false,
topLevelReferrers: [], // Empty = direct dependency
locationsFoundAt: ["package.json"]
}
];
const manifests = ComponentDetection.processComponentsToManifests(componentsFound);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
expect(manifests[0].directDependencies()).toHaveLength(1);
expect(manifests[0].indirectDependencies()).toHaveLength(0);
expect(manifests[0].countDependencies()).toBe(1);
});
test("adds package as indirect dependency when has top level referrers", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - npm"
},
isDevelopmentDependency: false,
topLevelReferrers: [
{
name: "parent-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "parent-package",
Version: "1.0.0"
}
}
],
locationsFoundAt: ["package.json"]
}
];
const manifests = ComponentDetection.processComponentsToManifests(componentsFound);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
expect(manifests[0].directDependencies()).toHaveLength(0);
expect(manifests[0].indirectDependencies()).toHaveLength(1);
expect(manifests[0].countDependencies()).toBe(1);
});
test("adds package as direct dependency when top level referrer is itself", () => {
const componentsFound = [
{
component: {
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
},
id: "test-package 1.0.0 - npm"
},
isDevelopmentDependency: false,
topLevelReferrers: [
{
name: "test-package",
version: "1.0.0",
packageUrl: {
Scheme: "pkg",
Type: "npm",
Name: "test-package",
Version: "1.0.0"
}
}
],
locationsFoundAt: ["package.json"]
}
];
const manifests = ComponentDetection.processComponentsToManifests(componentsFound);
expect(manifests).toHaveLength(1);
expect(manifests[0].name).toBe("package.json");
expect(manifests[0].directDependencies()).toHaveLength(1);
expect(manifests[0].indirectDependencies()).toHaveLength(0);
expect(manifests[0].countDependencies()).toBe(1);
});
});

34
componentDetection.ts
View File

@@ -68,14 +68,17 @@ export default class ComponentDetection {
public static async getManifestsFromResults(): Promise<Manifest[] | undefined> {
core.info("Getting manifests from results");
const results = await fs.readFileSync(this.outputPath, 'utf8');
var json: any = JSON.parse(results);
return this.processComponentsToManifests(json.componentsFound);
}
public static processComponentsToManifests(componentsFound: any[]): Manifest[] {
// Parse the result file and add the packages to the package cache
const packageCache = new PackageCache();
const packages: Array<ComponentDetectionPackage> = [];
const results = await fs.readFileSync(this.outputPath, 'utf8');
var json: any = JSON.parse(results);
json.componentsFound.forEach(async (component: any) => {
componentsFound.forEach(async (component: any) => {
// Skip components without packageUrl
if (!component.component.packageUrl) {
core.debug(`Skipping component detected without packageUrl: ${JSON.stringify({
@@ -113,6 +116,7 @@ export default class ComponentDetection {
}
const referrerUrl = ComponentDetection.makePackageUrl(referrer.packageUrl);
referrer.packageUrlString = referrerUrl
// Skip if the generated packageUrl is empty
if (!referrerUrl) {
@@ -135,20 +139,32 @@ export default class ComponentDetection {
const manifests: Array<Manifest> = [];
// Check the locationsFoundAt for every package and add each as a manifest
packages.forEach(async (pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach(async (location: any) => {
this.addPackagesToManifests(packages, manifests);
return manifests;
}
private static addPackagesToManifests(packages: Array<ComponentDetectionPackage>, manifests: Array<Manifest>): void {
packages.forEach((pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach((location: any) => {
if (!manifests.find((manifest: Manifest) => manifest.name == location)) {
const manifest = new Manifest(location, location);
manifests.push(manifest);
}
if (pkg.topLevelReferrers.length == 0) {
// Filter out self-references from topLevelReferrers
const nonSelfReferrers = pkg.topLevelReferrers.filter((referrer: any) => {
if (!referrer.packageUrlString) return false;
return referrer.packageUrlString !== pkg.packageUrlString;
});
if (nonSelfReferrers.length == 0) {
manifests.find((manifest: Manifest) => manifest.name == location)?.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
} else {
manifests.find((manifest: Manifest) => manifest.name == location)?.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
});
});
return manifests;
}
private static getDependencyScope(pkg: ComponentDetectionPackage) {
@@ -236,10 +252,12 @@ export default class ComponentDetection {
}
class ComponentDetectionPackage extends Package {
public packageUrlString: string;
constructor(packageUrl: string, public id: string, public isDevelopmentDependency: boolean, public topLevelReferrers: [],
public locationsFoundAt: [], public containerDetailIds: [], public containerLayerIds: []) {
super(packageUrl);
this.packageUrlString = packageUrl;
}
}

2
dist/componentDetection.d.ts generated vendored
View File

@@ -7,6 +7,8 @@ export default class ComponentDetection {
static runComponentDetection(path: string): Promise<void>;
private static getComponentDetectionParameters;
static getManifestsFromResults(): Promise<Manifest[] | undefined>;
static processComponentsToManifests(componentsFound: any[]): Manifest[];
private static addPackagesToManifests;
private static getDependencyScope;
static makePackageUrl(packageUrlJson: any): string;
private static getLatestReleaseURL;

142
dist/index.js generated vendored
View File

@@ -36054,78 +36054,91 @@ class ComponentDetection {
static getManifestsFromResults() {
return __awaiter(this, void 0, void 0, function* () {
core.info("Getting manifests from results");
// Parse the result file and add the packages to the package cache
const packageCache = new dependency_submission_toolkit_1.PackageCache();
const packages = [];
const results = yield fs_1.default.readFileSync(this.outputPath, 'utf8');
var json = JSON.parse(results);
json.componentsFound.forEach((component) => __awaiter(this, void 0, void 0, function* () {
// Skip components without packageUrl
if (!component.component.packageUrl) {
core.debug(`Skipping component detected without packageUrl: ${JSON.stringify({
id: component.component.id,
name: component.component.name || 'unnamed',
type: component.component.type || 'unknown'
}, null, 2)}`);
return this.processComponentsToManifests(json.componentsFound);
});
}
static processComponentsToManifests(componentsFound) {
// Parse the result file and add the packages to the package cache
const packageCache = new dependency_submission_toolkit_1.PackageCache();
const packages = [];
componentsFound.forEach((component) => __awaiter(this, void 0, void 0, function* () {
// Skip components without packageUrl
if (!component.component.packageUrl) {
core.debug(`Skipping component detected without packageUrl: ${JSON.stringify({
id: component.component.id,
name: component.component.name || 'unnamed',
type: component.component.type || 'unknown'
}, null, 2)}`);
return;
}
const packageUrl = ComponentDetection.makePackageUrl(component.component.packageUrl);
// Skip if the packageUrl is empty (indicates an invalid or missing packageUrl)
if (!packageUrl) {
core.debug(`Skipping component with invalid packageUrl: ${component.component.id}`);
return;
}
if (!packageCache.hasPackage(packageUrl)) {
const pkg = new ComponentDetectionPackage(packageUrl, component.component.id, component.isDevelopmentDependency, component.topLevelReferrers, component.locationsFoundAt, component.containerDetailIds, component.containerLayerIds);
packageCache.addPackage(pkg);
packages.push(pkg);
}
}));
// Set the transitive dependencies
core.debug("Sorting out transitive dependencies");
packages.forEach((pkg) => __awaiter(this, void 0, void 0, function* () {
pkg.topLevelReferrers.forEach((referrer) => __awaiter(this, void 0, void 0, function* () {
// Skip if referrer doesn't have a valid packageUrl
if (!referrer.packageUrl) {
core.debug(`Skipping referrer without packageUrl for component: ${pkg.id}`);
return;
}
const packageUrl = ComponentDetection.makePackageUrl(component.component.packageUrl);
// Skip if the packageUrl is empty (indicates an invalid or missing packageUrl)
if (!packageUrl) {
core.debug(`Skipping component with invalid packageUrl: ${component.component.id}`);
const referrerUrl = ComponentDetection.makePackageUrl(referrer.packageUrl);
referrer.packageUrlString = referrerUrl;
// Skip if the generated packageUrl is empty
if (!referrerUrl) {
core.debug(`Skipping referrer with invalid packageUrl for component: ${pkg.id}`);
return;
}
if (!packageCache.hasPackage(packageUrl)) {
const pkg = new ComponentDetectionPackage(packageUrl, component.component.id, component.isDevelopmentDependency, component.topLevelReferrers, component.locationsFoundAt, component.containerDetailIds, component.containerLayerIds);
packageCache.addPackage(pkg);
packages.push(pkg);
try {
const referrerPackage = packageCache.lookupPackage(referrerUrl);
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
}
catch (error) {
core.debug(`Error looking up referrer package: ${error}`);
}
}));
// Set the transitive dependencies
core.debug("Sorting out transitive dependencies");
packages.forEach((pkg) => __awaiter(this, void 0, void 0, function* () {
pkg.topLevelReferrers.forEach((referrer) => __awaiter(this, void 0, void 0, function* () {
// Skip if referrer doesn't have a valid packageUrl
if (!referrer.packageUrl) {
core.debug(`Skipping referrer without packageUrl for component: ${pkg.id}`);
return;
}
const referrerUrl = ComponentDetection.makePackageUrl(referrer.packageUrl);
// Skip if the generated packageUrl is empty
if (!referrerUrl) {
core.debug(`Skipping referrer with invalid packageUrl for component: ${pkg.id}`);
return;
}
try {
const referrerPackage = packageCache.lookupPackage(referrerUrl);
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
}
catch (error) {
core.debug(`Error looking up referrer package: ${error}`);
}
}));
}));
// Create manifests
const manifests = [];
// Check the locationsFoundAt for every package and add each as a manifest
packages.forEach((pkg) => __awaiter(this, void 0, void 0, function* () {
pkg.locationsFoundAt.forEach((location) => __awaiter(this, void 0, void 0, function* () {
var _a, _b;
if (!manifests.find((manifest) => manifest.name == location)) {
const manifest = new dependency_submission_toolkit_1.Manifest(location, location);
manifests.push(manifest);
}
if (pkg.topLevelReferrers.length == 0) {
(_a = manifests.find((manifest) => manifest.name == location)) === null || _a === void 0 ? void 0 : _a.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
else {
(_b = manifests.find((manifest) => manifest.name == location)) === null || _b === void 0 ? void 0 : _b.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
}));
}));
return manifests;
}));
// Create manifests
const manifests = [];
// Check the locationsFoundAt for every package and add each as a manifest
this.addPackagesToManifests(packages, manifests);
return manifests;
}
static addPackagesToManifests(packages, manifests) {
packages.forEach((pkg) => {
pkg.locationsFoundAt.forEach((location) => {
var _a, _b;
if (!manifests.find((manifest) => manifest.name == location)) {
const manifest = new dependency_submission_toolkit_1.Manifest(location, location);
manifests.push(manifest);
}
// Filter out self-references from topLevelReferrers
const nonSelfReferrers = pkg.topLevelReferrers.filter((referrer) => {
if (!referrer.packageUrlString)
return false;
return referrer.packageUrlString !== pkg.packageUrlString;
});
if (nonSelfReferrers.length == 0) {
(_a = manifests.find((manifest) => manifest.name == location)) === null || _a === void 0 ? void 0 : _a.addDirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
else {
(_b = manifests.find((manifest) => manifest.name == location)) === null || _b === void 0 ? void 0 : _b.addIndirectDependency(pkg, ComponentDetection.getDependencyScope(pkg));
}
});
});
}
static getDependencyScope(pkg) {
@@ -36216,6 +36229,7 @@ class ComponentDetectionPackage extends dependency_submission_toolkit_1.Package
this.locationsFoundAt = locationsFoundAt;
this.containerDetailIds = containerDetailIds;
this.containerLayerIds = containerLayerIds;
this.packageUrlString = packageUrl;
}
}

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long