SCP-48 Extract licenses from results

.github/workflows/test-action.yml

@@ -4,18 +4,15 @@ on:
   pull_request:
   push:
     branches:
-      - main
+      - '*'
 
 permissions:
   contents: read
 
 jobs:
   test-action:
     name: GitHub Actions Test
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
 
     steps:
       - name: Checkout
@@ -36,4 +33,4 @@ jobs:
 
       - name: Print Output
         id: output
-        run: cat "${{ steps.test-action.outputs.result-filepath }}"
+        run: ${{ steps.test-action.outputs.licenses }}

.prettierrc.json

@@ -1,5 +1,5 @@
 {
-  "printWidth": 80,
+  "printWidth": 120,
   "tabWidth": 2,
   "useTabs": false,
   "semi": false,

__tests__/main.test.ts

@@ -49,19 +49,9 @@ describe('action', () => {
 
     // Verify that all of the core library functions were called correctly
     expect(debugMock).toHaveBeenNthCalledWith(1, 'Waiting 500 milliseconds ...')
-    expect(debugMock).toHaveBeenNthCalledWith(
-      2,
-      expect.stringMatching(timeRegex)
-    )
-    expect(debugMock).toHaveBeenNthCalledWith(
-      3,
-      expect.stringMatching(timeRegex)
-    )
-    expect(setOutputMock).toHaveBeenNthCalledWith(
-      1,
-      'time',
-      expect.stringMatching(timeRegex)
-    )
+    expect(debugMock).toHaveBeenNthCalledWith(2, expect.stringMatching(timeRegex))
+    expect(debugMock).toHaveBeenNthCalledWith(3, expect.stringMatching(timeRegex))
+    expect(setOutputMock).toHaveBeenNthCalledWith(1, 'time', expect.stringMatching(timeRegex))
     expect(errorMock).not.toHaveBeenCalled()
   })
 
@@ -80,10 +70,7 @@ describe('action', () => {
     expect(runMock).toHaveReturned()
 
     // Verify that all of the core library functions were called correctly
-    expect(setFailedMock).toHaveBeenNthCalledWith(
-      1,
-      'milliseconds not a number'
-    )
+    expect(setFailedMock).toHaveBeenNthCalledWith(1, 'milliseconds not a number')
     expect(errorMock).not.toHaveBeenCalled()
   })
 })

src/main.ts

@@ -1,5 +1,6 @@
 import * as core from '@actions/core'
 import * as exec from '@actions/exec'
+import { getLicenses, readResult } from './services/result.service'
 
 /**
  * The main function for the action.
@@ -23,11 +24,11 @@ export async function run(): Promise<void> {
     options.silent = true
 
     // run scan
-    await exec.exec(
-      'scanoss-py',
-      ['scan', repoDir, '--output', outputPath],
-      options
-    )
+    await exec.exec('scanoss-py', ['scan', repoDir, '--output', outputPath], options)
+
+    const scannerResults = await readResult(outputPath)
+    const licenses = getLicenses(scannerResults)
+    core.setOutput('licenses', licenses.toString())
 
     // set outputs for other workflow steps to use
     core.setOutput('result-filepath', outputPath)

src/services/result.interfaces.ts

@@ -0,0 +1,98 @@
+export type ScannerResults = Record<
+  string,
+  ScannerComponent[] | DependencyComponent[]
+>
+
+export enum ComponentID {
+  NONE = 'none',
+  FILE = 'file',
+  SNIPPET = 'snippet',
+  DEPENDENCY = 'dependency'
+}
+
+interface CommonComponent {
+  id: ComponentID
+  status: string
+}
+
+export interface DependencyComponent extends CommonComponent {
+  dependencies: {
+    licenses: {
+      is_spdx_approved: boolean
+      name: string
+      spdx_id: string
+    }[]
+    purl: string
+    url: string
+    version: string
+  }[]
+}
+
+export interface ScannerComponent extends CommonComponent {
+  lines: string
+  oss_lines: string
+  matched: string
+  purl: string[]
+  vendor: string
+  component: string
+  version: string
+  latest: string
+  url: string
+  release_date: string
+  file: string
+  url_hash: string
+  file_hash: string
+  source_hash: string
+  file_url: string
+  licenses: {
+    name: string
+    patent_hints: string
+    copyleft: string
+    checklist_url: string
+    osadl_updated: string
+    source: string
+    incompatible_with?: string
+  }[]
+  dependencies: {
+    vendor: string
+    component: string
+    version: string
+    source: string
+  }[]
+  copyrights: {
+    name: string
+    source: string
+  }[]
+  vulnerabilities: {
+    ID: string
+    CVE: string
+    severity: string
+    reported: string
+    introduced: string
+    patched: string
+    summary: string
+    source: string
+  }[]
+  quality: {
+    score: string
+    source: string
+  }[]
+  cryptography: any[]
+  health: {
+    creation_date: string
+    issues: number
+    last_push: string
+    last_update: string
+    watchers: number
+    country: string
+    stars: number
+    forks: number
+  }
+  server: {
+    version: string
+    kb_version: { monthly: string; daily: string }
+    hostname: string
+    flags: string
+    elapsed: string
+  }
+}

src/services/result.service.ts

@@ -0,0 +1,31 @@
+import { ComponentID, DependencyComponent, ScannerComponent, ScannerResults } from './result.interfaces'
+import * as fs from 'fs'
+
+export async function readResult(filepath: string): Promise<ScannerResults> {
+  const content = await fs.promises.readFile(filepath, 'utf-8')
+  return JSON.parse(content) as ScannerResults
+}
+
+export function getLicenses(results: ScannerResults) {
+  const licenses = new Set<string>()
+
+  for (const [path, component] of Object.entries(results)) {
+    component.forEach(c => {
+      if (c.id === ComponentID.DEPENDENCY) {
+        ;(c as DependencyComponent).dependencies.forEach(d => {
+          d.licenses.forEach(l => {
+            licenses.add(l.spdx_id)
+          })
+        })
+      }
+
+      if (c.id === ComponentID.FILE || c.id === ComponentID.SNIPPET) {
+        ;(c as ScannerComponent).licenses.forEach(l => {
+          licenses.add(l.name)
+        })
+      }
+    })
+  }
+
+  return Array.from(licenses)
+}