chore: feedback and rebase fixes

Signed-off-by: Ben Selwyn-Smith <[email protected]>
oracle · Jan 9, 2025 · b8261f3 · b8261f3
1 parent 3faa742
commit b8261f3
Show file tree

Hide file tree

Showing 8 changed files with 41 additions and 36 deletions.
diff --git a/src/macaron/database/table_definitions.py b/src/macaron/database/table_definitions.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """
@@ -179,9 +179,7 @@ class Component(PackageURLMixin, ORMBase):
     )
 
     #: The one-to-one relationship with Repo Finder metadata.
-    repo_finder_metadata: Mapped["RepoFinderMetadata"] = relationship(
-        uselist=False, back_populates="component", lazy="immediate"
-    )
+    repo_finder_metadata: Mapped["RepoFinderMetadata"] = relationship(back_populates="component", lazy="immediate")
 
     def __init__(
         self, purl: str, analysis: Analysis, repository: "Repository | None", repo_finder_metadata: "RepoFinderMetadata"

diff --git a/src/macaron/repo_finder/repo_finder.py b/src/macaron/repo_finder/repo_finder.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """
@@ -47,7 +47,7 @@
 from macaron.repo_finder.commit_finder import find_commit, match_tags
 from macaron.repo_finder.repo_finder_base import BaseRepoFinder
 from macaron.repo_finder.repo_finder_deps_dev import DepsDevRepoFinder
-from macaron.repo_finder.repo_finder_enums import RepoFinderOutcome, CommitFinderOutcome
+from macaron.repo_finder.repo_finder_enums import CommitFinderOutcome, RepoFinderOutcome
 from macaron.repo_finder.repo_finder_java import JavaRepoFinder
 from macaron.repo_finder.repo_utils import (
     check_repo_urls_are_equivalent,
@@ -101,10 +101,10 @@ def find_repo(purl: PackageURL, check_latest_version: bool = True) -> tuple[str,
 
     # Call Repo Finder and return first valid URL
     logger.debug("Analyzing %s with Repo Finder: %s", purl, type(repo_finder))
-    found_repo = repo_finder.find_repo(purl)
+    found_repo, outcome = repo_finder.find_repo(purl)
 
     if found_repo or not check_latest_version:
-        return found_repo
+        return found_repo, outcome
 
     # Try to find the latest version repo.
     logger.error("Could not find repo for PURL: %s", purl)
@@ -113,10 +113,10 @@ def find_repo(purl: PackageURL, check_latest_version: bool = True) -> tuple[str,
         logger.debug("Could not find newer PURL than provided: %s", purl)
         return "", RepoFinderOutcome.NO_NEWER_VERSION
 
-    found_repo = DepsDevRepoFinder().find_repo(latest_version_purl)
+    found_repo, outcome = DepsDevRepoFinder().find_repo(latest_version_purl)
     if not found_repo:
         logger.debug("Could not find repo from latest version of PURL: %s", latest_version_purl)
-    return found_repo
+    return found_repo, outcome
 
 
 def to_repo_path(purl: PackageURL, available_domains: list[str]) -> str | None:
@@ -206,7 +206,7 @@ def find_source(purl_string: str, input_repo: str | None, latest_version_fallbac
     found_repo = input_repo
     if not found_repo:
         logger.debug("Searching for repo of PURL: %s", purl)
-        found_repo = find_repo(purl)
+        found_repo, _ = find_repo(purl)
 
     if not found_repo:
         logger.error("Could not find repo for PURL: %s", purl)
@@ -215,25 +215,29 @@ def find_source(purl_string: str, input_repo: str | None, latest_version_fallbac
     # Disable other loggers for cleaner output.
     logging.getLogger("macaron.slsa_analyzer.analyzer").disabled = True
 
-    digest = None
     if defaults.getboolean("repofinder", "find_source_should_clone"):
         # Clone the repo to retrieve the tags.
         logger.debug("Preparing repo: %s", found_repo)
         repo_dir = os.path.join(global_config.output_path, GIT_REPOS_DIR)
         logging.getLogger("macaron.slsa_analyzer.git_url").disabled = True
         # The prepare_repo function will also check the latest version of the artifact if required.
-        git_obj, outcome, digest = prepare_repo(repo_dir, found_repo, purl=purl, latest_version_fallback=not checked_latest_purl)
+        _, _, digest = prepare_repo(repo_dir, found_repo, purl=purl, latest_version_fallback=not checked_latest_purl)
 
         if not digest:
             return False
     else:
         # Retrieve the tags using a remote git operation.
         tags = get_tags_via_git_remote(found_repo)
-        if tags:
-            matches, outcome = match_tags(list(tags.keys()), purl.name, purl.version)
-            if matches:
-                matched_tag = matches[0]
-                digest = tags[matched_tag]
+        if not tags:
+            return False
+
+        matches, _ = match_tags(list(tags.keys()), purl.name, purl.version)
+
+        if not matches:
+            return False
+
+        matched_tag = matches[0]
+        digest = tags[matched_tag]
 
         if not digest:
             logger.error("Could not find commit for purl / repository: %s / %s", purl, found_repo)

diff --git a/src/macaron/repo_finder/repo_finder_deps_dev.py b/src/macaron/repo_finder/repo_finder_deps_dev.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module contains the PythonRepoFinderDD class to be used for finding repositories using deps.dev."""
@@ -151,7 +151,10 @@ def get_latest_version(purl: PackageURL) -> tuple[PackageURL | None, RepoFinderO
             return None, RepoFinderOutcome.DDEV_JSON_INVALID
 
         namespace = purl.namespace + "/" if purl.namespace else ""
-        return PackageURL.from_string(f"pkg:{purl.type}/{namespace}{purl.name}@{latest_version}"), RepoFinderOutcome.FOUND_FROM_LATEST
+        return (
+            PackageURL.from_string(f"pkg:{purl.type}/{namespace}{purl.name}@{latest_version}"),
+            RepoFinderOutcome.FOUND_FROM_LATEST,
+        )
 
     def _create_urls(self, purl: PackageURL) -> tuple[list[str], RepoFinderOutcome]:
         """

diff --git a/src/macaron/repo_finder/repo_finder_java.py b/src/macaron/repo_finder/repo_finder_java.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module contains the JavaRepoFinder class to be used for finding Java repositories."""
@@ -12,8 +12,8 @@
 from macaron.config.defaults import defaults
 from macaron.parsers.pomparser import parse_pom_string
 from macaron.repo_finder.repo_finder_base import BaseRepoFinder
-from macaron.repo_finder.repo_finder_enums import RepoFinderOutcome
 from macaron.repo_finder.repo_finder_deps_dev import DepsDevRepoFinder
+from macaron.repo_finder.repo_finder_enums import RepoFinderOutcome
 from macaron.repo_finder.repo_validator import find_valid_repository_url
 from macaron.util import send_get_http_raw
 

diff --git a/src/macaron/repo_finder/repo_utils.py b/src/macaron/repo_finder/repo_utils.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2024 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module contains the utility functions for repo and commit finder operations."""
@@ -11,9 +11,6 @@
 from packageurl import PackageURL
 
 from macaron.config.global_config import global_config
-from macaron.errors import CloneError, RepoCheckOutError
-from macaron.repo_finder.commit_finder import find_commit
-from macaron.repo_finder.repo_finder_enums import CommitFinderOutcome
 from macaron.slsa_analyzer.git_service import GIT_SERVICES, BaseGitService
 from macaron.slsa_analyzer.git_service.base_git_service import NoneGitService
 from macaron.slsa_analyzer.git_url import GIT_REPOS_DIR

diff --git a/src/macaron/slsa_analyzer/analyzer.py b/src/macaron/slsa_analyzer/analyzer.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module handles the cloning and analyzing a Git repo."""
@@ -43,8 +43,8 @@
     extract_repo_and_commit_from_provenance,
 )
 from macaron.repo_finder.provenance_finder import ProvenanceFinder, find_provenance_from_ci
-from macaron.repo_finder.repo_finder_enums import CommitFinderOutcome, RepoFinderOutcome
 from macaron.repo_finder.repo_finder import prepare_repo
+from macaron.repo_finder.repo_finder_enums import CommitFinderOutcome, RepoFinderOutcome
 from macaron.repo_finder.repo_utils import get_git_service
 from macaron.repo_verifier.repo_verifier import verify_repo
 from macaron.slsa_analyzer import git_url

diff --git a/tests/integration/cases/repo_finder_remote_calls/repo_finder.py b/tests/integration/cases/repo_finder_remote_calls/repo_finder.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This script tests the functionality of the repo finder's remote API calls."""
@@ -12,8 +12,8 @@
 from macaron.config.defaults import defaults
 from macaron.repo_finder import repo_validator
 from macaron.repo_finder.repo_finder import find_repo
-from macaron.repo_finder.repo_finder_enums import RepoFinderOutcome
 from macaron.repo_finder.repo_finder_deps_dev import DepsDevRepoFinder
+from macaron.repo_finder.repo_finder_enums import RepoFinderOutcome
 from macaron.slsa_analyzer.git_url import clean_url
 
 logger: logging.Logger = logging.getLogger(__name__)
@@ -80,7 +80,7 @@ def test_repo_finder() -> int:
 
     # Test Java package whose SCM metadata only points to the repo in later versions than is provided here.
     purl = PackageURL.from_string("pkg:maven/io.vertx/[email protected]")
-    repo = find_repo(purl)
+    repo, _ = find_repo(purl)
     if repo == "https://github.com/eclipse-vertx/vertx-auth":
         return os.EX_UNAVAILABLE
     latest_purl, _ = DepsDevRepoFinder().get_latest_version(purl)
@@ -90,7 +90,8 @@ def test_repo_finder() -> int:
         return os.EX_UNAVAILABLE
 
     # Test Java package that has no version.
-    if not find_repo(PackageURL.from_string("pkg:maven/io.vertx/vertx-auth-common")):
+    match, outcome = find_repo(PackageURL.from_string("pkg:maven/io.vertx/vertx-auth-common"))
+    if not match or outcome != RepoFinderOutcome.FOUND:
         return os.EX_UNAVAILABLE
 
     return os.EX_OK

diff --git a/tests/repo_finder/test_repo_finder.py b/tests/repo_finder/test_repo_finder.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module tests the repo finder."""
@@ -115,7 +115,7 @@ def test_repo_finder_java_invalid_config(tmp_path: Path, test_config: str, expec
         test_config_file.write(test_config)
     load_defaults(test_config_path)
 
-    found_repo, outcome = repo_finder.find_repo(PackageURL.from_string("pkg:maven/test/test@1"))
+    found_repo, outcome = repo_finder.find_repo(PackageURL.from_string("pkg:maven/test/test@1"), False)
     assert not found_repo
     assert outcome == expected
 
@@ -129,7 +129,7 @@ def test_repo_finder_java_invalid_config(tmp_path: Path, test_config: str, expec
 )
 def test_repo_finder_java_invalid_input(purl_string: str, expected: RepoFinderOutcome) -> None:
     """Test the Repo Finder when invalid input is provided."""
-    found_repo, outcome = repo_finder.find_repo(PackageURL.from_string(purl_string))
+    found_repo, outcome = repo_finder.find_repo(PackageURL.from_string(purl_string), False)
     assert not found_repo
     assert outcome == expected
 
@@ -175,7 +175,9 @@ def test_repo_finder_java_invalid_pom_or_scm(
     target_url = "/" + "/".join([group, artifact, version, f"{artifact}-{version}.pom"])
     httpserver_java.expect_request(target_url).respond_with_data(test_pom)
 
-    found_repo, outcome = repo_finder.find_repo(PackageURL.from_string(f"pkg:maven/{group}/{artifact}@{version}"))
+    found_repo, outcome = repo_finder.find_repo(
+        PackageURL.from_string(f"pkg:maven/{group}/{artifact}@{version}"), False
+    )
     assert not found_repo
     assert outcome == expected