chore: resolve staging merge conflicts

behnazh-w · behnazh-w · commit 266700e0ec11 · 2023-07-04T15:56:58.000+10:00
Signed-off-by: behnazh-w &lt;behnaz.hassanshahi@oracle.com&gt;
diff --git a/src/macaron/slsa_analyzer/analyzer.py b/src/macaron/slsa_analyzer/analyzer.py
@@ -31,8 +31,7 @@
     NoneDependencyAnalyzer,
 )
 from macaron.dependency_analyzer.cyclonedx import get_deps_from_sbom
-from macaron.errors import CloneError
-from macaron.errors import DuplicateError, NotFoundError
+from macaron.errors import CloneError, DuplicateError, NotFoundError
 from macaron.output_reporter.reporter import FileReporter
 from macaron.output_reporter.results import Record, Report, SCMStatus
 from macaron.slsa_analyzer import git_url
@@ -278,7 +277,7 @@ def resolve_dependencies(self, main_ctx: AnalyzeContext, sbom_path: str) -> dict
             if isinstance(dep_analyzer, NoneDependencyAnalyzer):
                 logger.info(
                     "Dependency analyzer is not available for %s",
-                    main_ctx.dynamic_data["build_spec"]["tool"].name,
+                    build_tool.name,
                 )
                 return {}
 
@@ -728,7 +727,8 @@ def perform_checks(self, analyze_ctx: AnalyzeContext) -> dict[str, CheckResult]:
         # Determine the git service.
         remote_path = analyze_ctx.component.repository.remote_path if analyze_ctx.component.repository else None
         git_service = self.get_git_service(remote_path)
-        if isinstance(git_service, NoneGitService):
+        # Check remote_path to help mypy.
+        if remote_path is None or isinstance(git_service, NoneGitService):
             logger.error("Unsupported git service for %s", analyze_ctx.component.purl)
         else:
             logger.info(
@@ -745,7 +745,7 @@ def perform_checks(self, analyze_ctx: AnalyzeContext) -> dict[str, CheckResult]:
                     build_tool.name,
                 )
 
-                if build_tool.is_detected(  ):
+                if build_tool.is_detected(analyze_ctx.component.repository.fs_path):
                     logger.info("The repo uses %s build tool.", build_tool.name)
                     analyze_ctx.dynamic_data["build_spec"]["tools"].append(build_tool)
 
diff --git a/src/macaron/slsa_analyzer/checks/build_service_check.py b/src/macaron/slsa_analyzer/checks/build_service_check.py
@@ -147,20 +147,20 @@ def _check_build_tool(
                 if build_cmd:
                     # Get the permalink and HTML hyperlink tag of the CI file that triggered the bash command.
                     trigger_link = ci_service.api_client.get_file_link(
-                        ctx.repo_full_name,
-                        ctx.commit_sha,
+                        ctx.component.repository.full_name,
+                        ctx.component.repository.commit_sha,
                         ci_service.api_client.get_relative_path_of_workflow(os.path.basename(bash_cmd["CI_path"])),
                     )
                     # Get the permalink and HTML hyperlink tag of the source file of the bash command.
                     bash_source_link = ci_service.api_client.get_file_link(
-                        ctx.repo_full_name, ctx.commit_sha, bash_cmd["caller_path"]
+                        ctx.component.repository.full_name, ctx.component.repository.commit_sha, bash_cmd["caller_path"]
                     )
 
                     html_url = ci_service.has_latest_run_passed(
-                        ctx.repo_full_name,
-                        ctx.branch_name,
-                        ctx.commit_sha,
-                        ctx.commit_date,
+                        ctx.component.repository.full_name,
+                        ctx.component.repository.branch_name,
+                        ctx.component.repository.commit_sha,
+                        ctx.component.repository.commit_date,
                         os.path.basename(bash_cmd["CI_path"]),
                     )
 
@@ -187,10 +187,11 @@ def _check_build_tool(
                         predicate = ci_info["provenances"][0]["predicate"]
                         predicate["buildType"] = f"Custom {ci_service.name}"
                         predicate["builder"]["id"] = bash_source_link
-                        predicate["invocation"]["configSource"][
-                            "uri"
-                        ] = f"{ctx.remote_path}@refs/heads/{ctx.branch_name}"
-                        predicate["invocation"]["configSource"]["digest"]["sha1"] = ctx.commit_sha
+                        predicate["invocation"]["configSource"]["uri"] = (
+                            f"{ctx.component.repository.remote_path}"
+                            f"@refs/heads/{ctx.component.repository.branch_name}"
+                        )
+                        predicate["invocation"]["configSource"]["digest"]["sha1"] = ctx.component.repository.commit_sha
                         predicate["invocation"]["configSource"]["entryPoint"] = trigger_link
                         predicate["metadata"]["buildInvocationId"] = html_url
                     return CheckResultType.PASSED
@@ -201,7 +202,7 @@ def _check_build_tool(
                 if isinstance(ci_service, unparsed_ci):
                     if build_tool.ci_build_kws[ci_service.name]:
                         _, config_name = ci_service.has_kws_in_config(
-                            build_tool.ci_build_kws[ci_service.name], repo_path=ctx.repo_path
+                            build_tool.ci_build_kws[ci_service.name], repo_path=ctx.component.repository.fs_path
                         )
                         if not config_name:
                             break
@@ -222,10 +223,13 @@ def _check_build_tool(
                             predicate = ci_info["provenances"][0]["predicate"]
                             predicate["buildType"] = f"Custom {ci_service.name}"
                             predicate["builder"]["id"] = config_name
-                            predicate["invocation"]["configSource"][
-                                "uri"
-                            ] = f"{ctx.remote_path}@refs/heads/{ctx.branch_name}"
-                            predicate["invocation"]["configSource"]["digest"]["sha1"] = ctx.commit_sha
+                            predicate["invocation"]["configSource"]["uri"] = (
+                                f"{ctx.component.repository.remote_path}"
+                                f"@refs/heads/{ctx.component.repository.branch_name}"
+                            )
+                            predicate["invocation"]["configSource"]["digest"][
+                                "sha1"
+                            ] = ctx.component.repository.commit_sha
                             predicate["invocation"]["configSource"]["entryPoint"] = config_name
                         return CheckResultType.PASSED
 
diff --git a/tests/e2e/expected_results/multibuild_test/multibuild_test.json b/tests/e2e/expected_results/multibuild_test/multibuild_test.json
@@ -1,10 +1,6 @@
 {
     "metadata": {
-<<<<<<< HEAD
         "timestamps": "2023-06-18 21:51:40"
-=======
-        "timestamps": "2023-06-15 05:18:53"
->>>>>>> 4dd62bd (feat: introduce a new data model and software components based on PURL)
     },
     "target": {
         "info": {
diff --git a/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.json b/tests/e2e/expected_results/tinyMediaManager/tinyMediaManager.json
@@ -4,7 +4,7 @@
     },
     "target": {
         "info": {
-            "full_name": "tinyMediaManager/tinyMediaManager",
+            "full_name": "pkg:gitlab.com/tinyMediaManager/tinyMediaManager@cca6b67a335074eca42136556f0a321f75dc4f48",
             "local_cloned_path": "git_repos/gitlab_com/tinyMediaManager/tinyMediaManager",
             "remote_path": "https://gitlab.com/tinyMediaManager/tinyMediaManager",
             "branch": "main",
diff --git a/tests/slsa_analyzer/checks/test_build_as_code_check.py b/tests/slsa_analyzer/checks/test_build_as_code_check.py
@@ -54,32 +54,32 @@ def test_build_as_code_check(
 
     # The target repo uses Maven build tool but does not deploy artifacts.
     use_build_tool = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    use_build_tool.dynamic_data["build_spec"]["tool"] = [maven_tool]
+    use_build_tool.dynamic_data["build_spec"]["tools"] = [maven_tool]
     assert check.run_check(use_build_tool, check_result) == CheckResultType.FAILED
 
     # The target repo uses Gradle build tool but does not deploy artifacts.
     use_build_tool = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    use_build_tool.dynamic_data["build_spec"]["tool"] = [gradle_tool]
+    use_build_tool.dynamic_data["build_spec"]["tools"] = [gradle_tool]
     assert check.run_check(use_build_tool, check_result) == CheckResultType.FAILED
 
     # The target repo uses Poetry build tool but does not deploy artifacts.
     use_build_tool = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    use_build_tool.dynamic_data["build_spec"]["tool"] = [poetry_tool]
+    use_build_tool.dynamic_data["build_spec"]["tools"] = [poetry_tool]
     assert check.run_check(use_build_tool, check_result) == CheckResultType.FAILED
 
     # The target repo uses Pip build tool but does not deploy artifacts.
     use_build_tool = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    use_build_tool.dynamic_data["build_spec"]["tool"] = [pip_tool]
+    use_build_tool.dynamic_data["build_spec"]["tools"] = [pip_tool]
     assert check.run_check(use_build_tool, check_result) == CheckResultType.FAILED
 
     # The target repo does not use a build tool.
     no_build_tool = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    no_build_tool.dynamic_data["build_spec"]["tool"] = []
+    no_build_tool.dynamic_data["build_spec"]["tools"] = []
     assert check.run_check(no_build_tool, check_result) == CheckResultType.FAILED
 
     # Use mvn deploy to deploy the artifact.
     maven_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    maven_deploy.dynamic_data["build_spec"]["tool"] = [maven_tool]
+    maven_deploy.dynamic_data["build_spec"]["tools"] = [maven_tool]
     bash_commands["commands"] = [["mvn", "deploy"]]
     maven_deploy.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(maven_deploy, check_result) == CheckResultType.PASSED
@@ -96,7 +96,7 @@ def test_build_as_code_check(
 
     # Use mvn but do not deploy artifacts.
     no_maven_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    no_maven_deploy.dynamic_data["build_spec"]["tool"] = [maven_tool]
+    no_maven_deploy.dynamic_data["build_spec"]["tools"] = [maven_tool]
     bash_commands["commands"] = [["mvn", "verify"]]
     no_maven_deploy.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(no_maven_deploy, check_result) == CheckResultType.FAILED
@@ -108,66 +108,66 @@ def test_build_as_code_check(
 
     # Use gradle to deploy the artifact.
     gradle_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    gradle_deploy.dynamic_data["build_spec"]["tool"] = [gradle_tool]
+    gradle_deploy.dynamic_data["build_spec"]["tools"] = [gradle_tool]
     bash_commands["commands"] = [["./gradlew", "publishToSonatype"]]
     gradle_deploy.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(gradle_deploy, check_result) == CheckResultType.PASSED
 
     # Use poetry publish to publish the artifact.
     poetry_publish = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    poetry_publish.dynamic_data["build_spec"]["tool"] = [poetry_tool]
+    poetry_publish.dynamic_data["build_spec"]["tools"] = [poetry_tool]
     bash_commands["commands"] = [["poetry", "publish"]]
     poetry_publish.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(poetry_publish, check_result) == CheckResultType.PASSED
 
     # Use Poetry but do not deploy artifacts.
     no_poetry_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    no_poetry_deploy.dynamic_data["build_spec"]["tool"] = [poetry_tool]
+    no_poetry_deploy.dynamic_data["build_spec"]["tools"] = [poetry_tool]
     bash_commands["commands"] = [["poetry", "upload"]]
     no_poetry_deploy.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(no_maven_deploy, check_result) == CheckResultType.FAILED
 
     # Use twine upload to deploy the artifact.
     twine_upload = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    twine_upload.dynamic_data["build_spec"]["tool"] = [pip_tool]
+    twine_upload.dynamic_data["build_spec"]["tools"] = [pip_tool]
     bash_commands["commands"] = [["twine", "upload", "dist/*"]]
     twine_upload.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(twine_upload, check_result) == CheckResultType.PASSED
 
     # Use flit publish to deploy the artifact.
     flit_publish = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    flit_publish.dynamic_data["build_spec"]["tool"] = [pip_tool]
+    flit_publish.dynamic_data["build_spec"]["tools"] = [pip_tool]
     bash_commands["commands"] = [["flit", "publish"]]
     flit_publish.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(flit_publish, check_result) == CheckResultType.PASSED
 
     # Test Jenkins.
     maven_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    maven_deploy.dynamic_data["build_spec"]["tool"] = [maven_tool]
+    maven_deploy.dynamic_data["build_spec"]["tools"] = [maven_tool]
     ci_info["service"] = jenkins_service
     bash_commands["commands"] = []
     maven_deploy.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(maven_deploy, check_result) == CheckResultType.FAILED
 
     # Test Travis.
     maven_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    maven_deploy.dynamic_data["build_spec"]["tool"] = [maven_tool]
+    maven_deploy.dynamic_data["build_spec"]["tools"] = [maven_tool]
     ci_info["service"] = travis_service
     bash_commands["commands"] = []
     maven_deploy.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(maven_deploy, check_result) == CheckResultType.FAILED
 
     # Test Circle CI.
     maven_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    maven_deploy.dynamic_data["build_spec"]["tool"] = [maven_tool]
+    maven_deploy.dynamic_data["build_spec"]["tools"] = [maven_tool]
     ci_info["service"] = circle_ci_service
     bash_commands["commands"] = []
     maven_deploy.dynamic_data["ci_services"] = [ci_info]
     assert check.run_check(maven_deploy, check_result) == CheckResultType.FAILED
 
     # Test GitLab CI.
     maven_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    maven_deploy.dynamic_data["build_spec"]["tool"] = [maven_tool]
+    maven_deploy.dynamic_data["build_spec"]["tools"] = [maven_tool]
     ci_info["service"] = gitlab_ci_service
     bash_commands["commands"] = []
     maven_deploy.dynamic_data["ci_services"] = [ci_info]
@@ -222,7 +222,7 @@ def test_gha_workflow_deployment(
 
     # This Github Actions workflow uses gh-action-pypi-publish to publish the artifact.
     gha_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
-    gha_deploy.dynamic_data["build_spec"]["tool"] = [pip_tool]
+    gha_deploy.dynamic_data["build_spec"]["tools"] = [pip_tool]
     gha_deploy.dynamic_data["ci_services"] = [ci_info]
 
     root = GitHubNode(name="root", node_type=GHWorkflowType.NONE, source_path="", parsed_obj={}, caller_path="")
@@ -283,7 +283,7 @@ def test_travis_ci_deploy(
     check_result = CheckResult(justification=[])  # type: ignore
     gradle_deploy = MockAnalyzeContext(macaron_path=macaron_path, output_dir="")
     gradle_deploy.component.repository.fs_path = str(repo_path.absolute())
-    gradle_deploy.dynamic_data["build_spec"]["tool"] = [gradle_tool]
+    gradle_deploy.dynamic_data["build_spec"]["tools"] = [gradle_tool]
     gradle_deploy.dynamic_data["ci_services"] = [ci_info]
 
     assert check.run_check(gradle_deploy, check_result) == expect_result
diff --git a/tests/slsa_analyzer/checks/test_build_script_check.py b/tests/slsa_analyzer/checks/test_build_script_check.py
@@ -23,12 +23,12 @@ def test_build_script_check(self) -> None:
 
         # The target repo uses a build tool.
         use_build_tool = MockAnalyzeContext(macaron_path=MacaronTestCase.macaron_path, output_dir="")
-        use_build_tool.dynamic_data["build_spec"]["tool"] = [maven]
+        use_build_tool.dynamic_data["build_spec"]["tools"] = [maven]
 
         assert check.run_check(use_build_tool, check_result) == CheckResultType.PASSED
 
         # The target repo does not use a build tool.
         no_build_tool = MockAnalyzeContext(macaron_path=MacaronTestCase.macaron_path, output_dir="")
-        no_build_tool.dynamic_data["build_spec"]["tool"] = []
+        no_build_tool.dynamic_data["build_spec"]["tools"] = []
 
         assert check.run_check(no_build_tool, check_result) == CheckResultType.FAILED
diff --git a/tests/slsa_analyzer/checks/test_build_service_check.py b/tests/slsa_analyzer/checks/test_build_service_check.py
