uv workspace support (#1524)
* Support for uv workspace

Signed-off-by: Prabhu Subramanian <[email protected]>

---------

Signed-off-by: Prabhu Subramanian <[email protected]>
prabhu authored Jan 3, 2025
1 parent 6fc2b77 commit 415dc72
Showing 12 changed files with 404 additions and 43 deletions.
16 changes: 13 additions & 3 deletions .github/workflows/snapshot-tests.yml
@@ -2,7 +2,16 @@ name: Test BOM Snapshots

on:
workflow_dispatch:

push:
branches:
- master
- release/*
tags:
- 'v*'
pull_request:
paths-ignore:
- 'docs/**'
- '*.md'

concurrency:
group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}"
@@ -26,7 +35,7 @@ jobs:
run: |
rm -rf original_snapshots new_snapshots src_repos
cdxgen_tarball=$(pnpm pack | tail -1)
npm install -g "$cdxgen_tarball"
sudo npm install -g "$cdxgen_tarball"
git clone https://github.com/appthreat/cdxgen-samples.git original_snapshots
python3.12 -m venv .venv
source .venv/bin/activate && pip install -r test/diff/requirements.txt
@@ -35,7 +44,8 @@ jobs:
run: |
source .venv/bin/activate
python test/diff/generate.py
env:
ATOM_JAVA_HOME: /usr/lib/jvm/java-21-openjdk-amd64
- name: Upload shell scripts generated as artifact
uses: actions/upload-artifact@v4
with:
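Review bot: With the `pull_request` trigger listed at the top of this workflow, the install step (as rendered, the `sudo npm install -g "$cdxgen_tarball"` form appears to be the new side) installs a tarball packed from the PR's own tree, so package lifecycle scripts from an unreviewed change would run as root on the runner. If the `sudo` is only there to get past a permissions error on the global prefix, a user-owned prefix avoids it, e.g. `npm install -g --prefix "$HOME/.local" "$cdxgen_tarball"` with that `bin` directory added to `PATH`. No `permissions:` block is visible in the lines shown; if the file does not set one elsewhere, a top-level `permissions:` with `contents: read` keeps the token read-only for these runs. The rest of the workflow lies outside the visible hunks.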
2 changes: 1 addition & 1 deletion ci/Dockerfile
@@ -21,7 +21,7 @@ ARG SBT_VERSION=1.10.5
ARG MAVEN_VERSION=3.9.9
ARG GRADLE_VERSION=8.11
ARG GO_VERSION=1.23.3
ARG NODE_VERSION=23.2.0
ARG NODE_VERSION=23.5.0
ARG PYTHON_VERSION=3.12

ENV GOPATH=/opt/app-root/go \
2 changes: 1 addition & 1 deletion ci/base-images/cdxgen/Dockerfile.python
@@ -11,7 +11,7 @@ LABEL maintainer="CycloneDX" \
org.opencontainers.image.description="Rolling image with cdxgen SBOM generator for Python 3.12 apps" \
org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python:v11 -r /app --server"

ARG NODE_VERSION=23.2.0
ARG NODE_VERSION=23.5.0

ENV NVM_DIR="/root/.nvm" \
PYTHON_CMD=python3 \
2 changes: 1 addition & 1 deletion ci/base-images/sle/Dockerfile.lang
@@ -3,7 +3,7 @@ FROM registry.suse.com/bci/python:3.12
ARG JAVA_VERSION=23.0.1-tem
ARG MAVEN_VERSION=3.9.9
ARG GCC_VERSION=13
ARG NODE_VERSION=23.2.0
ARG NODE_VERSION=23.5.0

ENV JAVA_VERSION=$JAVA_VERSION \
MAVEN_VERSION=$MAVEN_VERSION \
23 changes: 18 additions & 5 deletions lib/cli/index.js
@@ -132,11 +132,11 @@ import {
parsePkgJson,
parsePkgLock,
parsePnpmLock,
parsePoetrylockData,
parsePom,
parsePrivadoFile,
parsePubLockData,
parsePubYamlData,
parsePyLockData,
parsePyProjectTomlFile,
parseReqFile,
parseSbtLock,
@@ -1049,7 +1049,7 @@ function determinePackageType(pkg) {
if (
pkg.purl.startsWith(cf) ||
purl.namespace?.includes(cf) ||
purl.name.toLowerCase().includes(cf)
purl.name.toLowerCase().startsWith(cf)
) {
return "framework";
}
@@ -3023,7 +3023,7 @@ export async function createPythonBom(path, options) {
)) &&
!uvLockFiles.length
) {
createUVLock(path);
createUVLock(path, options);
uvLockFiles = getAllFiles(
path,
`${options.multiProject ? "**/" : ""}uv.lock`,
@@ -3049,11 +3049,24 @@ export async function createPythonBom(path, options) {
if (DEBUG_MODE) {
console.log(`Parsing ${f}`);
}
let retMap = await parsePoetrylockData(lockData, f);
let retMap = await parsePyLockData(lockData, f);
// Should we exit for workspace errors
if (retMap?.workspaceWarningShown) {
options.failOnError && process.exit(1);
}
if (retMap.pkgList?.length) {
pkgList = pkgList.concat(retMap.pkgList);
pkgList = trimComponents(pkgList);
}
// Retain the parent hierarchy
if (retMap?.parentComponent?.components?.length) {
if (!parentComponent.components) {
parentComponent.components = [];
}
parentComponent.components = parentComponent.components.concat(
retMap?.parentComponent?.components,
);
}
if (retMap.dependenciesList?.length) {
dependencies = mergeDependencies(
dependencies,
@@ -3063,7 +3076,7 @@ export async function createPythonBom(path, options) {
}
// Retrieve the tree using virtualenv in deep mode and as a fallback
// This is a slow operation
if (options.deep || !dependencies.length) {
if ((options.deep || !dependencies.length) && !f.endsWith("uv.lock")) {
retMap = getPipFrozenTree(basePath, f, tempDir, parentComponent);
if (retMap.pkgList?.length) {
pkgList = pkgList.concat(retMap.pkgList);
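Review bot: In the lock-file loop of `createPythonBom`, `retMap?.workspaceWarningShown` allows for a nullish `retMap`, but the following `retMap.pkgList?.length` dereferences it unguarded, and `options.failOnError && process.exit(1);` ends the process from inside an exported function without saying why. I would write the check as `if (retMap?.workspaceWarningShown && options.failOnError) {` with a `console.error` naming the lock file `f` before the exit, and either guard `retMap` consistently or drop the `?.`. When `failOnError` is off the loop continues after a workspace warning, and with the new `!f.endsWith("uv.lock")` condition the pip fallback is skipped for that file, so the BOM may presumably list fewer components than the workspace has; a comment or a warning in the output saying so would help whoever consumes the SBOM. The function body starts and ends outside the visible hunks.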