Inspect_manifest pipeline error for get_manifest_inputs() #1034

Closed
mjherzog opened this issue Dec 20, 2023 · 3 comments · Fixed by #1074

@mjherzog
Member

Describe the bug
I uploaded a tar.gz archive of SCWB 4.0 for an SCIO project with the inspect_manifest pipeline. The archive contains 2 manifest files: package.json and package-lock.json.

The pipeline failed with the error:

No package type found for /var/scancodeio/workspace/projects/scwb-packages-test-02-aa820b26/input/scancode-workbench-4.0.0.tar.gz

Traceback:
  File "/opt/scancodeio/scanpipe/pipelines/__init__.py", line 120, in execute
    step(self)
  File "/opt/scancodeio/scanpipe/pipelines/inspect_manifest.py", line 67, in get_packages_from_manifest
    packages = resolve.resolve_packages(input_location)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/scancodeio/scanpipe/pipes/resolve.py", line 49, in resolve_packages
    raise Exception(f"No package type found for {input_location}")

I also created a project where I uploaded just the package-lock.json file and that worked.

System configuration

  • Which version of ScanCode.io are you running? v3.5.2
  • Are you running the app using Docker? Yes
  • On which OS? Ubuntu

Expected behavior
I expected the inspect_manifest pipeline to find the package-lock.json file in the archive and report the npm packages (1448).
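The expected behavior described above, locating manifests inside an uploaded archive instead of treating the archive itself as a manifest, as an added example (not ScanCode.io's code and not part of the original issue). The function names, the npm-only name set, the size cap and the sample archive are assumptions made for illustration.

```python
import io
import json
import tarfile
from pathlib import PurePosixPath

MANIFEST_NAMES = {"package.json", "package-lock.json"}  # assumption: npm only
MAX_MANIFEST_BYTES = 20 * 1024 * 1024  # assumed cap on a single manifest

def find_manifests(archive_bytes):
    """Return {member_path: parsed_json} for npm manifests in a tar.gz, read in memory."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            if not member.isfile() or path.name not in MANIFEST_NAMES:
                continue  # skips directories, links, devices and non-manifest files
            # Member names are untrusted input: drop absolute/".." paths and oversized files.
            if path.is_absolute() or ".." in path.parts or member.size > MAX_MANIFEST_BYTES:
                continue
            found[str(path)] = json.load(tar.extractfile(member))
    return found

def lockfile_packages(lock):
    """List (name, version) pairs from a lockfile v2/v3 "packages" map."""
    out = []
    for key, meta in lock.get("packages", {}).items():
        if key:  # the "" key is the root project itself, not a dependency
            name = meta.get("name") or key.rpartition("node_modules/")[2]
            out.append((name, meta.get("version")))
    return sorted(out, key=lambda pair: pair[0])

def build_sample():
    """Constructed sample archive: two manifests, a source file, one unsafe path."""
    lock = {"lockfileVersion": 3, "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/@scope/util": {"version": "2.0.1"}}}
    files = {
        "demo-app/package.json": json.dumps({"name": "demo-app", "version": "1.0.0"}),
        "demo-app/package-lock.json": json.dumps(lock),
        "demo-app/src/index.js": "console.log('hi')",
        "../outside/package.json": "{}",  # rejected by the path check
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name); info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```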

@mjherzog mjherzog added bug Something isn't working high priority labels Dec 20, 2023
@AyanSinhaMahapatra AyanSinhaMahapatra self-assigned this Dec 20, 2023
AyanSinhaMahapatra added a commit that referenced this issue Dec 21, 2023
The inspect_manifest pipeline is now renamed to inspect_manifests
and this supports uploading a whole package/codebase archive to
find manifests and resolve all packages in them, as opposed to
supporting only manifests to be uploaded.

Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@tdruez
Contributor

tdruez commented Dec 21, 2023

@mjherzog you can upload both unarchived files as a workaround.

@mjherzog
Member Author

mjherzog commented Dec 22, 2023

I already did that and it worked, but we cannot expect a team to manually find and upload the manifest files in a codebase. This needs to be automated and the current doc indicates that the pipeline should handle the extraction.

AyanSinhaMahapatra added a commit that referenced this issue Dec 22, 2023
The inspect_manifest pipeline is now renamed to inspect_manifests
and this supports uploading a whole package/codebase archive to
find manifests and resolve all packages in them, as opposed to
supporting only manifests to be uploaded.

Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
AyanSinhaMahapatra added a commit that referenced this issue Dec 22, 2023
Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
AyanSinhaMahapatra added a commit that referenced this issue Dec 22, 2023
Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
AyanSinhaMahapatra added a commit that referenced this issue Dec 22, 2023
Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@pombredanne
Member

pombredanne commented Dec 30, 2023

I think what we need mostly is a way to inspect a codebase for packages only.

  1. inspect_manifest should inspect an archive, BUT
  2. the archive may contain more than manifests, so we need really something different

Here is the plan I suggest:

  • rename inspect_manifest to inspect_packages (Rename multiple pipelines #1044 #1053) with a description that this inspects application package manifests and lockfiles and creates package and dependencies accordingly. Get it to do the equivalent of a scancode --package or the upcoming scancode --purl
  • create a new pipeline resolve_dependencies that will resolve deps with inspectors (only on pypi for now) and only do this, nothing else (this will not have any steps otherwise)
  • drop scan_codebase_packages that has a confusing name and would now be the same as inspect_packages

tdruez pushed a commit that referenced this issue Jan 25, 2024
* Add support for codebase/packages in inspect_manifest

The inspect_manifest pipeline is now renamed to inspect_manifests
and this supports uploading a whole package/codebase archive to
find manifests and resolve all packages in them, as opposed to
supporting only manifests to be uploaded.

Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Add test for archives as inspect_manifest input

Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Address review feedback

Reference: #1037
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

---------

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
tdruez added a commit that referenced this issue Jan 25, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Feb 8, 2024
Signed-off-by: tdruez <tdruez@nexb.com>
AyanSinhaMahapatra added a commit that referenced this issue Feb 9, 2024
Remove scan_codebase_packages pipeline, and restructure inspect_packages
pipeline into load_sbom and resolve_packages pipelines.

Reference: #1035
Reference: #1034

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
AyanSinhaMahapatra added a commit that referenced this issue Feb 9, 2024
Remove scan_codebase_packages pipeline, and restructure inspect_packages
pipeline into load_sbom and resolve_packages pipelines.

Reference: #1035
Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
@AyanSinhaMahapatra AyanSinhaMahapatra linked a pull request Feb 12, 2024 that will close this issue
tdruez pushed a commit that referenced this issue Feb 14, 2024
* Restructure pipelines for verbosity

Remove scan_codebase_packages pipeline, and restructure inspect_packages
pipeline into load_sbom and resolve_packages pipelines.

Reference: #1035
Reference: #1034
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Refactor functions and improve docstrings

Reference: #1074
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Add unittests for new functions

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Update docs and add CHANGELOG entry

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Improve docstrings for pipelines

Suggested-by: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

---------

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>