Support defining a generic Git Service through defaults.ini for build tool detection #693

@tromai

Problem

In Macaron, at this place:

```python
if isinstance(git_service, NoneGitService):
    logger.error("Unable to find repository or unsupported git service for %s", analyze_ctx.component.purl)
else:
    logger.info(
        "Detected git service %s for %s.", git_service.name, analyze_ctx.component.repository.complete_name
    )
    analyze_ctx.dynamic_data["git_service"] = git_service
    # Determine the build tool.
    for build_tool in BUILD_TOOLS:
```

The build tool detection logic is only run if the git service of the target repository is supported by Macaron. This means that git_service must be either GitLab or GitHub.

The git service detection requires the remote url to be of a known service (e.g. github.com or gitlab.com). See implementation here:

```python
def is_detected(self, url: str) -> bool:
    """Check if the remote repo at the given ``url`` is hosted on this git service.

    This check is done by checking the URL of the repo against the hostname of this
    git service.

    Parameters
    ----------
    url : str
        The url of the remote repo.

    Returns
    -------
    bool
        True if the repo is indeed hosted on this git service.
    """
    if self.hostname is None:
        return False
    return (
        git_url.parse_remote_url(
            url,
            allowed_git_service_hostnames=[self.hostname],
        )
        is not None
    )
```

For a user to analyze a repository that is hosted on an unknown/not supported git service (e.g. bitbucket.org), they must first clone the repository into their filesystem and provide its local path to Macaron (i.e. analyzing a locally cloned repository). Macaron will detect the remote URL of this local repository as being from an unknown git service and will not run the build tool detection. This is expected behavior.

However, there are some problems with this behavior:

  • Theoretically, the build tool detection logic, which only looks statically into the files of the target repository, doesn't rely on the type of git or CI service for a repository.
  • Given the scenario above, there aren't any checks that could possibly pass (other than the version_control_system, which always passes).

Solution

Due to the following reasons:

  • A build tool can be detected regardless of the git service or CI service. However, our current checks (e.g. build and provenance related checks) all rely on reachability via CI (currently we have great support for GitHub but not as much for other Git and CI services).
  • Therefore, unless we come up with a check that doesn't rely on the git or CI service of a repo, the "if" statement here still makes sense:
    `if isinstance(git_service, NoneGitService):`

With those reasons, we have decided to:

  • Support a GenericGitService with the host name that the user defines in defaults.ini. This will allow the build tool detection to run for the scenario of analyzing a local repository with an unknown git service (will be handled in this issue).
  • Add a check called has_build_configs which relies only on the build tool detection and doesn't rely on the git or CI service (TBD in a separate issue).
  • Rename and modify the description of checks in Macaron to further reflect the changes (TBD in a separate issue).
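To make the proposal concrete, here is an added, self-contained model of a GenericGitService whose hostname comes from a defaults.ini section; this is illustrative code, not Macaron's own implementation, and the section name `git_service.generic`, the key `hostname`, and the helper `remote_hostname` are assumptions. It mirrors the exact-hostname semantics of `is_detected()` above (no substring matching, so a look-alike host such as `bitbucket.org.evil.example` is not detected) and handles https, ssh and scp-like remotes.

```python
"""Hypothetical GenericGitService model; not Macaron's code."""
import re
from configparser import ConfigParser
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample of a defaults.ini fragment (section/key names are assumptions).
SAMPLE_DEFAULTS_INI = """
[git_service.generic]
hostname = bitbucket.org
"""

# scp-like SSH remotes such as git@host:owner/repo.git (no scheme, host before ':').
_SCP_LIKE = re.compile(r"^(?:[\w.-]+@)?(?P<host>[\w.-]+):(?P<path>[^/].*)$")


def remote_hostname(url: str) -> Optional[str]:
    """Return the lower-cased host of a git remote URL, or None if it is not a remote.

    Handles scheme://host/path (https, http, ssh, git) and git@host:path forms.
    A plain local path has no host and yields None.
    """
    if "://" in url:
        parsed = urlparse(url)
        if parsed.scheme not in ("https", "http", "ssh", "git") or not parsed.hostname:
            return None
        return parsed.hostname.lower()
    match = _SCP_LIKE.match(url)
    return match.group("host").lower() if match else None


@dataclass(frozen=True)
class GenericGitService:
    """Git service whose hostname is configured rather than hard-coded."""

    hostname: Optional[str]

    @classmethod
    def from_ini(cls, ini_text: str) -> "GenericGitService":
        """Build the service from defaults.ini text; a missing hostname leaves it unconfigured."""
        cfg = ConfigParser()
        cfg.read_string(ini_text)
        host = cfg.get("git_service.generic", "hostname", fallback="").strip().lower()
        return cls(hostname=host or None)

    def is_detected(self, url: str) -> bool:
        """Exact hostname match; an unconfigured service detects nothing, like the original."""
        if self.hostname is None:
            return False
        return remote_hostname(url) == self.hostname
```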
