From 0eaedb720ab423335c57b72000821cb259bcbf9f Mon Sep 17 00:00:00 2001 From: JohT <7671054+JohT@users.noreply.github.com> Date: Sun, 1 Dec 2024 14:00:27 +0100 Subject: [PATCH] Install Typescript project dependencies explicitly --- .../workflows/typescript-code-analysis.yml | 15 +++-- scripts/downloader/downloadAntDesign.sh | 1 - scripts/downloader/downloadReactRouter.sh | 4 +- .../downloader/downloadTypescriptProject.sh | 57 +------------------ scripts/examples/analyzeAntDesign.sh | 14 ++++- scripts/examples/analyzeReactRouter.sh | 11 +++- 6 files changed, 36 insertions(+), 66 deletions(-) diff --git a/.github/workflows/typescript-code-analysis.yml b/.github/workflows/typescript-code-analysis.yml index e02e01eb2..de84b1583 100644 --- a/.github/workflows/typescript-code-analysis.yml +++ b/.github/workflows/typescript-code-analysis.yml @@ -118,11 +118,6 @@ jobs: key: ${{ runner.os }}-${{ hashFiles('**/*.sh') }} - - name: Setup pnpm for react-router - uses: pnpm/action-setup@v4.0.0 - with: - version: 8.10.5 - - name: Download ${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }} working-directory: temp run: | 
@@ -131,6 +126,16 @@ jobs: echo "Working directory: $( pwd -P )" ./../../scripts/downloader/downloadReactRouter.sh ${{ env.REACT_ROUTER_VERSION }} + - name: Setup pnpm for react-router + uses: pnpm/action-setup@v4.0.0 + with: + package_json_file: temp/${{env.PROJECT_NAME}}-${{env.REACT_ROUTER_VERSION}}/source/${{env.PROJECT_NAME}}-${{env.REACT_ROUTER_VERSION}}/package.json + + - name: Install dependencies with pnpm + working-directory: temp/${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}/source/${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }} + run: | + pnpm install --frozen-lockfile --strict-peer-dependencies + - name: Analyze ${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }} working-directory: temp/${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }} # Shell type can be skipped if jupyter notebook reports (and therefore conda) aren't needed diff --git a/scripts/downloader/downloadAntDesign.sh b/scripts/downloader/downloadAntDesign.sh index 14426dfd1..c3d761bcf 100755 --- a/scripts/downloader/downloadAntDesign.sh +++ b/scripts/downloader/downloadAntDesign.sh @@ -2,7 +2,6 @@ # Downloads the Typescript project ant-design (https://github.com/ant-design/ant-design) from GitHub using git clone. # The source files are written into the "source" directory of the current analysis directory. -# After scanning it with jQAssistant Typescript Plugin the resulting JSON will be moved into the "artifacts" directory. # Note: This script is meant to be started within the temporary analysis directory (e.g. "temp/AnalysisName/") diff --git a/scripts/downloader/downloadReactRouter.sh b/scripts/downloader/downloadReactRouter.sh index 147142888..8876878ed 100755 --- a/scripts/downloader/downloadReactRouter.sh +++ b/scripts/downloader/downloadReactRouter.sh 
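Review bot: The added `Install dependencies with pnpm` step runs `pnpm install --frozen-lockfile --strict-peer-dependencies` on a freshly cloned third-party repository without `--ignore-scripts`, so the project's lifecycle scripts (and, depending on the pnpm version, dependency build scripts) execute on the runner. The npm path for ant-design in this same patch does pass `--ignore-scripts`. Since the install only prepares the sources for scanning, consider `pnpm install --frozen-lockfile --strict-peer-dependencies --ignore-scripts`, here and in the matching subshell added to scripts/examples/analyzeReactRouter.sh, unless the scan turns out to need build output. The job's permissions and environment are defined outside this hunk, so what those scripts could reach cannot be judged from here. Separately, `pnpm/action-setup@v4.0.0` is referenced by a mutable tag; pinning it to the full commit SHA (`pnpm/action-setup@<full-commit-sha> # v4.0.0`) keeps the step from changing underneath the workflow.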
@@ -2,7 +2,6 @@ # Downloads react-router (https://github.com/remix-run/react-router) from GitHub using git clone. # The source files are written into the "source" directory of the current analysis directory. -# After scanning it with jQAssistant Typescript Plugin the resulting JSON will be moved into the "artifacts" directory. # Note: This script is meant to be started within the temporary analysis directory (e.g. "temp/AnalysisName/") # Note: react-router uses pnpm as package manager which needs to be installed first @@ -30,5 +29,4 @@ echo "downloadReactRouter: DOWNLOADER_SCRIPTS_DIR=${DOWNLOADER_SCRIPTS_DIR}" source "${DOWNLOADER_SCRIPTS_DIR}/downloadTypescriptProject.sh" \ --url https://github.com/remix-run/react-router.git \ --version "${projectVersion}" \ - --tag "react-router@${projectVersion}" \ - --packageManager pnpm \ No newline at end of file + --tag "react-router@${projectVersion}" \ No newline at end of file diff --git a/scripts/downloader/downloadTypescriptProject.sh b/scripts/downloader/downloadTypescriptProject.sh index f43b205b0..bba26ebf2 100755 --- a/scripts/downloader/downloadTypescriptProject.sh +++ b/scripts/downloader/downloadTypescriptProject.sh 
@@ -1,16 +1,13 @@ #!/usr/bin/env bash # Downloads the given version of a Typescript project from a git repository using git clone. -# The cloned project is then moved into the "source" directory of the current analysis directory -# where its dependencies are installed by the given package manager. -# After scanning it with jQAssistant's Typescript Plugin, the resulting JSON will be moved into the "artifacts/typescript" directory. +# The cloned project is then moved into the "source" directory of the current analysis directory. # Command line options: # --url Git clone URL (optional, default = skip clone) # --version Version of the project # --tag Tag to switch to after "git clone" (optional, default = version) # --project Name of the project/repository (optional, default = clone url file name without .git extension) -# --packageManager One of "npm", "pnpm" or "yarn". (optional, default = "npm") # Note: This script is meant to be started within the temporary analysis directory (e.g. "temp/AnalysisName/") @@ -29,7 +26,6 @@ usage() { echo " [ --tag (default=version) \\]" echo " [ --url (default=skip clone)] \\" echo " [ --project (default=url file name) \\]" - echo " [ --packageManager (default=npm) ]" echo "Example: $0 \\" echo " --url https://github.com/ant-design/ant-design.git \\" echo " --version 5.19.3" @@ -41,7 +37,6 @@ cloneUrl="" projectName="" projectVersion="" projectTag="" -packageManager="npm" # Parse command line options while [[ $# -gt 0 ]]; do @@ -65,10 +60,6 @@ while [[ $# -gt 0 ]]; do projectTag="${value}" shift ;; - --packageManager) - packageManager="${value}" - shift - ;; *) echo "downloadTypescriptProject Error: Unknown option: ${key}" usage 
@@ -108,49 +99,10 @@ if [ -z "${projectTag}" ]; then projectTag="${projectVersion}" fi -case "${packageManager}" in - npm|pnpm|yarn) - echo "downloadTypescriptProject Using package manager ${packageManager}" - ;; - *) - echo "downloadTypescriptProject Error: Unknown package manager: ${packageManager}" - usage - ;; -esac - -if ! command -v "${packageManager}" &> /dev/null ; then - echo "downloadTypescriptProject Error: Package manager ${packageManager} could not be found" - exit 1 -fi - -if ! command -v "npx" &> /dev/null ; then - echo "downloadTypescriptProject Error: Command npx not found. It's needed to execute npm packages." - exit 1 -fi - echo "downloadTypescriptProject: cloneUrl: ${cloneUrl}" echo "downloadTypescriptProject: projectName: ${projectName}" echo "downloadTypescriptProject: projectVersion: ${projectVersion}" echo "downloadTypescriptProject: projectTag: ${projectTag}" -echo "downloadTypescriptProject: packageManager: ${packageManager}" - -usePackageManagerToInstallDependencies() { - echo "downloadTypescriptProject: Installing dependencies using ${packageManager}..." - case "${packageManager}" in - npm) - # npm ci is not sufficient for projects like "ant-design" that rely on generating the package-lock - # Even if this is not standard, this is an acceptable solution since it is only used to prepare scanning. - # The same applies to "--force" which shouldn't be done normally. - npm install --ignore-scripts --force --verbose || exit - ;; - pnpm) - pnpm install --frozen-lockfile || exit - ;; - yarn) - yarn install --frozen-lockfile --ignore-scripts --non-interactive --verbose || exit - ;; - esac -} # Create runtime logs directory if it hasn't existed yet mkdir -p ./runtime/logs 
@@ -172,9 +124,4 @@ if [ ! -d "${fullSourceDirectory}" ]; then # source doesn't exist else # Source already exists. Cloning not necessary. echo "downloadTypescriptProject: Source already exists. Skip cloning ${cloneUrl}" -fi - -( - cd "${fullSourceDirectory}" || exit - usePackageManagerToInstallDependencies -) \ No newline at end of file +fi \ No newline at end of file diff --git a/scripts/examples/analyzeAntDesign.sh b/scripts/examples/analyzeAntDesign.sh index c1abc6483..de17dde4b 100755 --- a/scripts/examples/analyzeAntDesign.sh +++ b/scripts/examples/analyzeAntDesign.sh @@ -11,6 +11,10 @@ # Fail on any error ("-e" = exit on first error, "-o pipefail" exist on errors within piped commands) set -o errexit -o pipefail +# Overrideable Defaults +SOURCE_DIRECTORY=${SOURCE_DIRECTORY:-"source"} +echo "analyzerAntDesign: SOURCE_DIRECTORY=${SOURCE_DIRECTORY}" + ## Get this "scripts" directory if not already set # Even if $BASH_SOURCE is made for Bourne-like shells it is also supported by others and therefore here the preferred solution. # CDPATH reduces the scope of the cd command to potentially prevent unintended directory changes. @@ -53,8 +57,16 @@ cd "./ant-design-${projectVersion}" # Create the artifacts directory that will contain the code to be analyzed. mkdir -p ./artifacts -# Download AxonFramework artifacts (jar files) from Maven +# Download ant-design source code ./../../scripts/downloader/downloadAntDesign.sh "${projectVersion}" +( + cd "./${SOURCE_DIRECTORY}//ant-design-${projectVersion}" || exit + # npm ci is not sufficient for projects like "ant-design" that rely on generating the package-lock + # Even if this is not standard, this is an acceptable solution since it is only used to prepare scanning. + # The same applies to "--force" which shouldn't be done normally. + npm install --ignore-scripts --force --verbose || exit +) + # Start the analysis ./../../scripts/analysis/analyze.sh "${@}" \ No newline at end of file 
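Review bot: In the subshell added to analyzeAntDesign.sh, the comment above `npm install --ignore-scripts --force --verbose` justifies skipping `npm ci` and using `--force`, but says nothing about `--ignore-scripts`. That flag is what keeps lifecycle scripts of the cloned project and its dependencies from running during the install. I would add a line such as `# --ignore-scripts is intentional: no package lifecycle scripts need to run just to prepare scanning.` so the flag is not dropped later. The comment should also say that, if the project ships no lockfile (as the existing wording implies), dependency versions are resolved at install time, so the pinned `projectVersion` does not pin what gets installed. The `cd` path also has a doubled slash, `"./${SOURCE_DIRECTORY}//ant-design-${projectVersion}"`; it resolves the same, but `"./${SOURCE_DIRECTORY}/ant-design-${projectVersion}"` matches the form used in analyzeReactRouter.sh.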
diff --git a/scripts/examples/analyzeReactRouter.sh b/scripts/examples/analyzeReactRouter.sh index 894b5bbe2..b64057d7f 100755 --- a/scripts/examples/analyzeReactRouter.sh +++ b/scripts/examples/analyzeReactRouter.sh @@ -11,6 +11,10 @@ # Fail on any error ("-e" = exit on first error, "-o pipefail" exist on errors within piped commands) set -o errexit -o pipefail +# Overrideable Defaults +SOURCE_DIRECTORY=${SOURCE_DIRECTORY:-"source"} +echo "analyzerReactRouter: SOURCE_DIRECTORY=${SOURCE_DIRECTORY}" + ## Get this "scripts" directory if not already set # Even if $BASH_SOURCE is made for Bourne-like shells it is also supported by others and therefore here the preferred solution. # CDPATH reduces the scope of the cd command to potentially prevent unintended directory changes. @@ -53,8 +57,13 @@ cd "./react-router-${projectVersion}" # Create the artifacts directory that will contain the code to be analyzed. mkdir -p ./artifacts -# Download AxonFramework artifacts (jar files) from Maven +# Download react-router source code ./../../scripts/downloader/downloadReactRouter.sh "${projectVersion}" +( + cd "${SOURCE_DIRECTORY}/react-router-${projectVersion}" || exit + pnpm install --frozen-lockfile --strict-peer-dependencies || exit +) + # Start the analysis ./../../scripts/analysis/analyze.sh "${@}" \ No newline at end of file