Add a "Project" suffix to the type of project IDs #9392

Draft
wants to merge 2 commits into
base: main

sschuberth
Member

Please have a look at the individual commit messages for the details.

@sschuberth sschuberth requested a review from a team as a code owner November 7, 2024 12:41
@sschuberth sschuberth marked this pull request as draft November 7, 2024 12:41

codecov bot commented Nov 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.91%. Comparing base (151858e) to head (6f5d2eb).

Additional details and impacted files
@@            Coverage Diff            @@
##               main    #9392   +/-   ##
=========================================
  Coverage     67.91%   67.91%           
  Complexity     1262     1262           
=========================================
  Files           244      244           
  Lines          8724     8724           
  Branches        909      909           
=========================================
  Hits           5925     5925           
  Misses         2422     2422           
  Partials        377      377           
Flag Coverage Δ
test 36.25% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.


@sschuberth sschuberth force-pushed the project-id-type branch 4 times, most recently from a0d2bfe to 212fcad Compare November 7, 2024 16:19
To avoid one root cause of duplicate project vs package IDs, add a
"Project" suffix to the `type` of project IDs.

This change does not affect IDs used in package curation or package
configurations as these really only apply to packages, not projects.

Signed-off-by: Sebastian Schuberth <[email protected]>
@olfkadolf

olfkadolf commented Dec 2, 2024

This would solve my scan issues I believe, any timeline when it will be merged?
Within Phoenix framework there are two packages defined with the same name, causing the Analyzer to crash.

https://github.com/phoenixframework/phoenix/blob/main/package.json
https://github.com/phoenixframework/phoenix/blob/main/assets/package.json

Exception in thread "main" java.lang.IllegalArgumentException: Unable to create the AnalyzerResult as it contains packages and projects with the same ids: [[Package(id=Identifier(type=NPM, namespace=, name=phoenix, version=1.7.14), purl=pkg:npm/phoenix@1.7.14, cpe=null, authors=[Chris McCord], declaredLicenses=[MIT], declaredLicensesProcessed=ProcessedDeclaredLicense(spdxExpression=MIT, mapped={}, unmapped=[]), concludedLicense=null, description=, homepageUrl=, binaryArtifact=RemoteArtifact(url=, hash=Hash(value=, algorithm=)), sourceArtifact=RemoteArtifact(url=, hash=Hash(value=, algorithm=)), vcs=VcsInfo(type=Git, url=git://github.com/phoenixframework/phoenix.git, revision=, path=), vcsProcessed=VcsInfo(type=Git, url=https://gitlab-ci-token@foo/bar.git, revision=b60b4b13d1c8531792f99a5f84522558c3e3f1a7, path=deps/phoenix), isMetadataOnly=false, isModified=false, sourceCodeOrigins=null), Package(id=Identifier(type=NPM, namespace=, name=phoenix, version=1.7.14), purl=pkg:npm/phoenix@1.7.14, cpe=null, authors=[Chris McCord], declaredLicenses=[MIT], declaredLicensesProcessed=ProcessedDeclaredLicense(spdxExpression=MIT, mapped={}, unmapped=[]), concludedLicense=null, description=The official JavaScript client for the Phoenix web framework., homepageUrl=https://github.com/phoenixframework/phoenix#readme, binaryArtifact=RemoteArtifact(url=, hash=Hash(value=, algorithm=)), sourceArtifact=RemoteArtifact(url=https://registry.npmjs.org/phoenix/-/phoenix-1.7.14.tgz, hash=Hash(value=2661c59dc39f0c0c00f4a4f5e5a9dfad22783810, algorithm=SHA-1)), vcs=VcsInfo(type=Git, url=git://github.com/phoenixframework/phoenix.git, revision=e99f657f1cc9062fca0f2b8b79bc90659d8bd514, path=), vcsProcessed=VcsInfo(type=Git, url=https://github.com/phoenixframework/phoenix.git, revision=e99f657f1cc9062fca0f2b8b79bc90659d8bd514, path=), isMetadataOnly=false, isModified=false, sourceCodeOrigins=null)]]
at org.ossreviewtoolkit.analyzer.AnalyzerResultBuilder.build(AnalyzerResultBuilder.kt:45)
at org.ossreviewtoolkit.analyzer.AnalyzerState.buildResult(Analyzer.kt:257)
at org.ossreviewtoolkit.analyzer.Analyzer.analyzeInParallel(Analyzer.kt:182)
at org.ossreviewtoolkit.analyzer.Analyzer.analyze(Analyzer.kt:134)
at org.ossreviewtoolkit.plugins.commands.analyzer.AnalyzerCommand.run(AnalyzerCommand.kt:203)
at com.github.ajalt.clikt.core.CoreCliktCommandKt.parse(CoreCliktCommand.kt:107)
at com.github.ajalt.clikt.core.CoreCliktCommandKt.main(CoreCliktCommand.kt:78)
at com.github.ajalt.clikt.core.CoreCliktCommandKt.main(CoreCliktCommand.kt:90)
at org.ossreviewtoolkit.cli.OrtMainKt.main(OrtMain.kt:87)

private repository anonymized

@sschuberth
Member Author

@olfkadolf, unfortunately your case wouldn't be solved by this PR, which is about package-vs-project duplicates. Your case is about a project-vs-project duplicate.
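
The distinction drawn in the reply above, shown as an added example that is not part of this thread and not ORT's own code: a type suffix on project IDs separates a project from a package with the same coordinates, but two projects with identical coordinates still collide. The simplified `Identifier` model, the helpers `asProjectId` and `duplicateIds`, and the assumption that the suffix is appended directly to the type string are all hypothetical; the sample IDs are constructed.

```kotlin
// Simplified, hypothetical model for illustration; not ORT's actual classes
// and not its actual duplicate check.
data class Identifier(
    val type: String,
    val namespace: String,
    val name: String,
    val version: String
)

// Assumption: the "Project" suffix is appended directly to the type string.
fun Identifier.asProjectId(): Identifier = copy(type = type + "Project")

// Return every ID that occurs more than once across projects and packages.
fun duplicateIds(projects: List<Identifier>, packages: List<Identifier>): Set<Identifier> =
    (projects + packages)
        .groupingBy { it }
        .eachCount()
        .filterValues { it > 1 }
        .keys

fun main() {
    // Constructed sample data: two definition files in one repository that
    // declare the same name and version, plus the published package.
    val firstProject = Identifier("NPM", "", "phoenix", "1.7.14")
    val secondProject = Identifier("NPM", "", "phoenix", "1.7.14")
    val publishedPackage = Identifier("NPM", "", "phoenix", "1.7.14")

    // Package vs. project without the suffix: the IDs are equal and collide.
    println("no suffix, project vs. package: " +
        duplicateIds(listOf(firstProject), listOf(publishedPackage)))

    // Package vs. project with the suffix: the type differs, no collision.
    println("suffix, project vs. package:    " +
        duplicateIds(listOf(firstProject.asProjectId()), listOf(publishedPackage)))

    // Project vs. project: both IDs get the same suffix, so they still collide.
    println("suffix, project vs. project:    " +
        duplicateIds(
            listOf(firstProject.asProjectId(), secondProject.asProjectId()),
            emptyList()
        ))
}
```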
