Conan improvements #4541
Merged
Conan improvements #4541
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prefer "parse" over "extract" to align the function naming in Bower, Cargo, and Conan with the other package manager implementations. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Using the `Stack` class was completely unnecessary and only made the code more complex. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
`forEach` can be used directly as Kotlin automatically creates an iterator for iterable objects. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
sschuberth
requested changes
Oct 5, 2021
83a9cd3 to
63478cd
Compare
fviernau
requested changes
Oct 5, 2021
analyzer/src/funTest/assets/projects/synthetic/conan-expected-output-txt.yml
Outdated
Show resolved
Hide resolved
|
Out of scope: Seeing these VCS URLs pointing to Conan index raises the question to me whether it is ok to return VCS URLs which do not point to the source code of the artifact. Actually I believe the answer to that should be a clear NO, as it creates the false impression that sources have been scanned and is inconsistent with ORTs approach. How about making the URLs just "bank" in a following task? Maybe @oss-review-toolkit/core-devs ? |
Note that after the last commit in this PR, no VCS URL points to Conan index anymore.
I'd also say "no", but this also is not the case anymore after the last commit in this PR. VCS URLs are either empty in favor of the real source artifact, or VCS info is deduced from the homepage, if possible. |
63478cd to
3e11d71
Compare
fviernau
previously approved these changes
Oct 5, 2021
Running "conan inspect" takes about 1s each time. Calling it separately for each field is therefore a huge waste of time, especially since the same fields are requested multiple times for the same packages while building the dependency tree. To fix this, run "conan inspect" only once for each package and cache the results for all fields. This requires to create a temporary JSON file, because "conan inspect" does not support to output the JSON to stdout. This reduces the execution time of the `ConanFunTest` from about 100s to about 30s and should have an even larger impact on projects with more dependencies, especially if there are repetitions within the dependency tree. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Use a dependency with one more level of transitive dependencies to better show the issues with building the dependency tree which will be fixed in the next commit. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Fix two issues with building the dependency tree: * The algorithm wrongly used all nodes in the output of "conan info" as root nodes of the dependency, but only the first node represents the root. * The dependencies for different scopes were assigned to separate `PackageReference` objects with the same id and afterwards added to a set. As a result only one of them was contained in the set. The result was that the root level of the dependency tree contained too many dependencies, while transitive dependencies were missing. While at it, rename some variables for better readability. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Do not parse the VCS info from the output of "conan info", because this only ever points to the recipe of the package, but not to the source code. Usually this points to the ConanCenter index [1]. Instead, try to parse the VCS info from the homepage URL of the package. This partly addresses #2037. [1] https://github.com/conan-io/conan-center-index Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Try to parse the source artifact information for packages from the conandata.yml file in the local repository. Resolves #2037. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
3e11d71 to
eb77a1c
Compare
sschuberth
approved these changes
Oct 5, 2021
fviernau
approved these changes
Oct 5, 2021
mnonnenmacher
added a commit
that referenced
this pull request
Apr 28, 2022
The related issue has been fixed in #4541. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this pull request
Apr 28, 2022
The related issue has been fixed in #4541. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
mnonnenmacher
added a commit
that referenced
this pull request
Apr 28, 2022
The related issue has been fixed in #4541. Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Various improvements for the Conan package manager:
See the commit messages for details.