Hook up the front end

This commit is contained in:
Justin Hutchings
2023-01-22 01:06:08 +00:00
parent 54c1b17e12
commit 5db9416322
7 changed files with 8687 additions and 175 deletions
+5 -1
View File
@@ -1,4 +1,4 @@
import {downloadLatestRelease, runComponentDetection} from './componentDetection';
import {downloadLatestRelease, getManifestsFromResults, runComponentDetection} from './componentDetection';
test('Downloads CLI', async () => {
downloadLatestRelease();
@@ -6,4 +6,8 @@ test('Downloads CLI', async () => {
test('Runs CLI', async () => {
runComponentDetection('./test');
});
test('Parses CLI output', async () => {
getManifestsFromResults();
});
+132 -163
View File
@@ -16,55 +16,142 @@ import dotenv from 'dotenv'
import { Context } from '@actions/github/lib/context'
import { unmockedModulePathPatterns } from './jest.config'
dotenv.config();
export default class ComponentDetection {
private componentDetectionPath = './component-detection';
private outputPath = './output.json';
export const componentDetectionPath = './component-detection';
const outputPath = './output.json';
dependencyGraphs: {
manifest: {
graph: {
dependencies: [],
},
explicitlyReferencedComponentIds: [],
developmentDependencies: [],
dependencies: []
// This is the default entry point for this class.
static async scanAndGetManifests(path: string): Promise<Manifest[] | undefined> {
await this.downloadLatestRelease();
await this.runComponentDetection(path);
return await this.getManifestsFromResults();
}
// Get the latest release from the component-detection repo, download the tarball, and extract it
private static async downloadLatestRelease() {
try {
const downloadURL = await getLatestReleaseURL();
const blob = await (await fetch(new URL(downloadURL))).blob();
const arrayBuffer = await blob.arrayBuffer();
const buffer = Buffer.from(arrayBuffer);
// Write the blob to a file
await fs.writeFile(componentDetectionPath, buffer, {mode: 0o777, flag: 'w'},
(err: any) => {
if (err) {
core.error(err);
}
});
} catch (error: any) {
core.error(error);
}
}
// Run the component-detection CLI on the path specified
private static async runComponentDetection(path: string) {
try {
await exec.exec(`${componentDetectionPath} scan --SourceDirectory ${path} --ManifestFile ${outputPath}`);
} catch (error: any) {
core.error(error);
}
}
private static async getManifestsFromResults(): Promise<Manifest[]| undefined> {
try {
// Parse the result file and add the packages to the package cache
const packageCache = new PackageCache();
const packages: Array<ComponentDetectionPackage>= [];
const results = await fs.readFileSync(outputPath, 'utf8');
var json: any = JSON.parse(results);
json.componentsFound.forEach(async (component: any) => {
const packageUrl = makePackageUrl(component.component.packageUrl);
if (!packageCache.hasPackage(packageUrl)) {
const pkg = new ComponentDetectionPackage(packageUrl, component.component.id,
component.isDevelopmentDependency,component.topLevelReferrers,component.locationsFoundAt, component.containerDetailIds, component.containerLayerIds);
packageCache.addPackage(pkg);
packages.push(pkg);
}
});
// Set the transitive dependencies
packages.forEach(async (pkg: ComponentDetectionPackage) => {
pkg.toplevelReferrers.forEach(async (referrer: any) => {
const referrerPackage = packageCache.lookupPackage(makePackageUrl(referrer.packageUrl));
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
});
});
// Create manifests
const manifests: Array<Manifest> = [];
// Check the locationsFoundAt for every package and add each as a manifest
packages.forEach(async (pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach(async (location: any) => {
if (!manifests[location.filePath]) {
const manifest = new Manifest(location.filePath, location.filePath);
manifests.push(manifest);
}
if (pkg.toplevelReferrers.length == 0) {
manifests.find((manifest: Manifest) => manifest.file == location.filePath)?.addDirectDependency(pkg, getDependencyScope(pkg));
} else {
manifests.find((manifest: Manifest) => manifest.file == location.filePath)?.addIndirectDependency(pkg, getDependencyScope(pkg)); }
});
});
core.debug(JSON.stringify(manifests));
return manifests;
} catch (error: any) {
core.error(error);
return undefined;
}
}
private static getDependencyScope(pkg: ComponentDetectionPackage) {
return pkg.isDevelopmentDependency ? 'development' : 'runtime'
}
private static makePackageUrl(packageUrlJson: any): string {
var packageUrl = `${packageUrlJson.Scheme}:${packageUrlJson.Type}/`;
if (packageUrlJson.Namespace) {
packageUrl += `${packageUrlJson.Namespace.replace("@", "%40")}/`;
}
packageUrl += `${packageUrlJson.Name.replace("@", "%40")}`;
if (packageUrlJson.Version) {
packageUrl += `@${packageUrlJson.Version}`;
}
if (packageUrlJson.Qualifiers) {
packageUrl += `?${packageUrlJson.Qualifiers}`;
}
return packageUrl;
}
private static getLatestReleaseURL(): Promise<string> {
const githubToken = core.getInput('token') || process.env.GITHUB_TOKEN2 || "";
const octokit = github.getOctokit(githubToken);
const owner = "microsoft";
const repo = "component-detection";
const latestRelease = await octokit.rest.repos.getLatestRelease({
owner, repo
});
var downloadURL: string = "";
latestRelease.data.assets.forEach((asset: any) => {
if (asset.name === "component-detection-linux-x64") {
downloadURL = asset.browser_download_url;
}
},
componentsFound: [
{
locationsFoundAt: [
filePath: string
],
component: {
name: string,
version: string,
hash: string,
author: string,
type: string,
id: string,
packageUrl: {
Scheme: string,
Type: string,
Namespace: string,
Name: string,
Version: string,
Qualifiers: string,
Subpath: string
},
},
detectorId: string,
isDevelopmentDependency: boolean,
dependencyScope: string,
topLevelReferrers: [],
containerDetailIds: [],
containerLayerIds: []
}
],
detectorsInScan: [],
sourceDirectory: string,
};
*/
});
return downloadURL;
}
}
class ComponentDetectionPackage extends Package {
constructor(packageUrl: string, id: string, isDevelopmentDependency:boolean, topLevelReferrers: [],
locationsFoundAt: [], containerDetailIds: [], containerLayerIds: []) {
super(packageUrl);
@@ -84,129 +171,11 @@ class ComponentDetectionPackage extends Package {
}
// Get the latest release from the component-detection repo, download the tarball, and extract it
export async function downloadLatestRelease() {
try {
const downloadURL = await getLatestReleaseURL();
const blob = await (await fetch(new URL(downloadURL))).blob();
const arrayBuffer = await blob.arrayBuffer();
const buffer = Buffer.from(arrayBuffer);
// Write the blob to a file
await fs.writeFile(componentDetectionPath, buffer, {mode: 0o777, flag: 'w'},
(err: any) => {
if (err) {
core.error(err);
}
});
} catch (error: any) {
core.error(error);
}
}
// Run the component-detection CLI on the path specified
export async function runComponentDetection(path: string) {
try {
await exec.exec(`${componentDetectionPath} scan --SourceDirectory ${path} --ManifestFile ${outputPath}`);
} catch (error: any) {
core.error(error);
}
}
export async function getManifestsFromResults(): Promise<Manifest[]| undefined> {
try {
// Parse the result file and add the packages to the package cache
const packageCache = new PackageCache();
const packages: Array<ComponentDetectionPackage>= [];
const results = await fs.readFileSync(outputPath, 'utf8');
var json: any = JSON.parse(results);
json.componentsFound.forEach(async (component: any) => {
const packageUrl = makePackageUrl(component.component.packageUrl);
if (!packageCache.hasPackage(packageUrl)) {
const pkg = new ComponentDetectionPackage(packageUrl, component.component.id,
component.isDevelopmentDependency,component.topLevelReferrers,component.locationsFoundAt, component.containerDetailIds, component.containerLayerIds);
packageCache.addPackage(pkg);
packages.push(pkg);
}
});
// Set the transitive dependencies
packages.forEach(async (pkg: ComponentDetectionPackage) => {
pkg.toplevelReferrers.forEach(async (referrer: any) => {
const referrerPackage = packageCache.lookupPackage(makePackageUrl(referrer.packageUrl));
if (referrerPackage) {
referrerPackage.dependsOn(pkg);
}
});
});
// Create manifests
const manifests: Array<Manifest> = [];
// Check the locationsFoundAt for every package and add each as a manifest
packages.forEach(async (pkg: ComponentDetectionPackage) => {
pkg.locationsFoundAt.forEach(async (location: any) => {
if (!manifests[location.filePath]) {
const manifest = new Manifest(location.filePath, location.filePath);
manifests.push(manifest);
}
if (pkg.toplevelReferrers.length == 0) {
manifests.find((manifest: Manifest) => manifest.file == location.filePath)?.addDirectDependency(pkg, getDependencyScope(pkg));
} else {
manifests.find((manifest: Manifest) => manifest.file == location.filePath)?.addIndirectDependency(pkg, getDependencyScope(pkg)); }
});
});
core.debug(JSON.stringify(manifests));
return manifests;
} catch (error: any) {
core.error(error);
return undefined;
}
}
function getDependencyScope(pkg: ComponentDetectionPackage) {
return pkg.isDevelopmentDependency ? 'development' : 'runtime'
}
function makePackageUrl(packageUrlJson: any): string {
var packageUrl = `${packageUrlJson.Scheme}:${packageUrlJson.Type}/`;
if (packageUrlJson.Namespace) {
packageUrl += `${packageUrlJson.Namespace.replace("@", "%40")}/`;
}
packageUrl += `${packageUrlJson.Name.replace("@", "%40")}`;
if (packageUrlJson.Version) {
packageUrl += `@${packageUrlJson.Version}`;
}
if (packageUrlJson.Qualifiers) {
packageUrl += `?${packageUrlJson.Qualifiers}`;
}
return packageUrl;
}
async function getLatestReleaseURL(): Promise<string> {
const githubToken = core.getInput('token') || process.env.GITHUB_TOKEN2 || "";
const octokit = github.getOctokit(githubToken);
const owner = "microsoft";
const repo = "component-detection";
const latestRelease = await octokit.rest.repos.getLatestRelease({
owner, repo
});
var downloadURL: string = "";
latestRelease.data.assets.forEach((asset: any) => {
if (asset.name === "component-detection-linux-x64") {
downloadURL = asset.browser_download_url;
}
});
return downloadURL;
}
+4 -5
View File
@@ -10,16 +10,15 @@ import {
submitSnapshot
} from '@github/dependency-submission-toolkit';
import CondaParser from './condaParser';
import ComponentDetection from './componentDetection';
async function run() {
let manifests = CondaParser.getManifestsFromEnvironmentFiles(
CondaParser.searchFiles(core.getInput('filePath'), core.getInput('filePattern')));
let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('path'));
let snapshot = new Snapshot({
name: "conda-dependency-submission-action",
name: "Component Detection",
version: "0.0.1",
url: "https://github.com/jhutchings1/conda-dependency-submission-action",
url: "https://github.com/jhutchings1/component-detection-action",
},
github.context,
{
+5 -5
View File
@@ -1,7 +1,7 @@
{
"name": "Conda-dependency-submission-action",
"name": "component-detection-action",
"version": "1.0.0",
"description": "Conda dependency submission action",
"description": "Component detection action",
"main": "index.ts",
"scripts": {
"lint": "eslint .",
@@ -11,7 +11,7 @@
},
"repository": {
"type": "git",
"url": "git+https://github.com/jhutchings1/spdx-to-dependency-graph-action.git"
"url": "git+https://github.com/jhutchings1/component-detection-action.git"
},
"keywords": [
"GitHub",
@@ -21,9 +21,9 @@
"author": "",
"license": "MIT",
"bugs": {
"url": "https://github.com/jhutchings1/spdx-to-dependency-graph-action/issues"
"url": "https://github.com/jhutchings1/component-detection-action/issues"
},
"homepage": "https://github.com/jhutchings1/spdx-to-dependency-graph-action#readme",
"homepage": "https://github.com/jhutchings1/component-detection-action#readme",
"dependencies": {
"@actions/core": "^1.10.0",
"@actions/github": "^5.1.1",
+8494
View File
File diff suppressed because it is too large Load Diff
+45
View File
@@ -0,0 +1,45 @@
{
"name": "Conda-dependency-submission-action",
"version": "1.0.0",
"description": "Conda dependency submission action",
"main": "index.ts",
"scripts": {
"lint": "eslint .",
"prepare": "ncc build index.ts -o dist --source-map --license licenses.txt",
"test": "node --experimental-vm-modules node_modules/jest/bin/jest.js",
"all": "npm run lint && npm run prepare && npm run test"
},
"repository": {
"type": "git",
"url": "git+https://github.com/jhutchings1/spdx-to-dependency-graph-action.git"
},
"keywords": [
"GitHub",
"Actions",
"JavaScript"
],
"author": "",
"license": "MIT",
"bugs": {
"url": "https://github.com/jhutchings1/spdx-to-dependency-graph-action/issues"
},
"homepage": "https://github.com/jhutchings1/spdx-to-dependency-graph-action#readme",
"dependencies": {
"@actions/core": "^1.10.0",
"@actions/github": "^5.1.1",
"@github/dependency-submission-toolkit": "^1.2.7",
"cross-fetch": "^3.1.5",
"dotenv": "^16.0.3",
"fs": "^0.0.1-security",
"tar": "^6.1.13",
"yaml": "^2.2.1"
},
"devDependencies": {
"@types/glob": "^8.0.0",
"@types/jest": "^29.2.6",
"@vercel/ncc": "^0.36.0",
"eslint": "^8.29.0",
"jest": "^29.3.1",
"ts-jest": "^29.0.5"
}
}
+2 -1
View File
@@ -9,7 +9,8 @@
"esModuleInterop": true, /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
"skipLibCheck": true,
"declaration": true,
"sourceMap": true
"sourceMap": true,
"strictPropertyInitialization": false,
},
"exclude": [
"node_modules",