fix: maven - exclude test artifacts (#78)

* refactor: change default URL for Exhort Dev Mode to be Exhort backend URL of Staging environment * fix: maven - only add artifact if it's not test scoped * feat: oss-index - add header and mapping from setting/envVar * test: maven - only add artifact if it's not test scoped update tests expected sbom files for component analysis - removing tests artifacts from there --------- Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>
RHEcosystemAppEng · Nov 15, 2023 · e1048b6 · e1048b6
1 parent e69acd9
commit e1048b6
Show file tree

Hide file tree

Showing 7 changed files with 123 additions and 199 deletions.
diff --git a/src/analysis.js b/src/analysis.js
@@ -102,10 +102,10 @@ function setRhdaHeader(headerName,headers,opts) {
  * @returns {{}}
  */
 function getTokenHeaders(opts = {}) {
-	let supportedTokens = ['snyk']
+	let supportedTokens = ['snyk','oss-index']
 	let headers = {}
 	supportedTokens.forEach(vendor => {
-		let token = getCustom(`EXHORT_${vendor.toUpperCase()}_TOKEN`, null, opts);
+		let token = getCustom(`EXHORT_${vendor.replace("-","_").toUpperCase()}_TOKEN`, null, opts);
 		if (token) {
 			headers[`ex-${vendor}-token`] = token
 		}

diff --git a/src/index.js b/src/index.js
@@ -8,7 +8,7 @@ import PackageJson from '../package.json' assert {type: 'json'};
 
 export default { AnalysisReport, componentAnalysis, stackAnalysis, validateToken }
 
-export const exhortDevDefaultUrl = 'http://alpha-exhort.apps.sssc-cl01.appeng.rhecoeng.com';
+export const exhortDevDefaultUrl = 'https://exhort.stage.devshift.net';
 
 
 export const exhortDefaultUrl = "https://rhda.rhcloud.com";

diff --git a/src/providers/java_maven.js b/src/providers/java_maven.js
@@ -313,13 +313,15 @@ function getDependencies(manifest) {
 		if (dep['#comment'] && dep['#comment'].includes('exhortignore')) { // #comment is an array or a string
 			ignore = true
 		}
-		ignored.push({
-			groupId: dep['groupId'],
-			artifactId: dep['artifactId'],
-			version: dep['version'] ? dep['version'].toString() : '*',
-			scope: '*',
-			ignore: ignore
-		})
+		if(dep['scope'] !== 'test') {
+			ignored.push({
+				groupId: dep['groupId'],
+				artifactId: dep['artifactId'],
+				version: dep['version'] ? dep['version'].toString() : '*',
+				scope: '*',
+				ignore: ignore
+			})
+		}
 	})
 	// return list of dependencies
 	return ignored

diff --git a/...anifests/maven/pom_deps_with_no_ignore_common_paths/component_analysis_expected_sbom.json b/...anifests/maven/pom_deps_with_no_ignore_common_paths/component_analysis_expected_sbom.json
@@ -1,124 +1,111 @@
 {
-    "bomFormat": "CycloneDX",
-    "specVersion": "1.4",
-    "version": 1,
-    "metadata": {
-        "timestamp": "2023-08-07T00:00:00.000Z",
-        "component": {
-            "group": "pom-with-deps-no-ignore",
-            "name": "pom-with-dependency-not-ignored-common-paths",
-            "version": "0.0.1",
-            "purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1",
-            "type": "application",
-            "bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1"
-        }
-    },
-    "components": [
-        {
-            "group": "pom-with-deps-no-ignore",
-            "name": "pom-with-dependency-not-ignored-common-paths",
-            "version": "0.0.1",
-            "purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1",
-            "type": "application",
-            "bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1"
-        },
-        {
-            "group": "org.springframework.boot",
-            "name": "spring-boot-starter",
-            "version": "2.3.5.RELEASE",
-            "purl": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
-            "type": "library",
-            "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE"
-        },
-        {
-            "group": "org.springframework.boot",
-            "name": "spring-boot-starter-test",
-            "version": "2.3.5.RELEASE",
-            "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE",
-            "type": "library",
-            "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE"
-        },
-        {
-            "group": "org.springframework.boot",
-            "name": "spring-boot-starter-web",
-            "version": "2.3.5.RELEASE",
-            "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
-            "type": "library",
-            "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE"
-        },
-        {
-            "group": "io.quarkus",
-            "name": "quarkus-resteasy",
-            "version": "2.7.7.Final",
-            "purl": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final",
-            "type": "library",
-            "bom-ref": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final"
-        },
-        {
-            "group": "org.keycloak",
-            "name": "keycloak-saml-core",
-            "version": "1.8.1.Final",
-            "purl": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final",
-            "type": "library",
-            "bom-ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final"
-        },
-        {
-            "group": "io.quarkus",
-            "name": "quarkus-vertx-http",
-            "version": "2.13.5.Final",
-            "purl": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
-            "type": "library",
-            "bom-ref": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
-        },
-        {
-            "group": "io.quarkus",
-            "name": "quarkus-jdbc-postgresql",
-            "version": "2.13.6.Final",
-            "purl": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final",
-            "type": "library",
-            "bom-ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final"
-        }
-    ],
-    "dependencies": [
-        {
-            "ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1",
-            "dependsOn": [
-                "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
-                "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE",
-                "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
-                "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final",
-                "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final",
-                "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
-                "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final"
-            ]
-        },
-        {
-            "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
-            "dependsOn": []
-        },
-        {
-            "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE",
-            "dependsOn": []
-        },
-        {
-            "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
-            "dependsOn": []
-        },
-        {
-            "ref": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final",
-            "dependsOn": []
-        },
-        {
-            "ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final",
-            "dependsOn": []
-        },
-        {
-            "ref": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
-            "dependsOn": []
-        },
-        {
-            "ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final",
-            "dependsOn": []
-        }
-    ]
+	"bomFormat": "CycloneDX",
+	"specVersion": "1.4",
+	"version": 1,
+	"metadata": {
+		"timestamp": "2023-08-07T00:00:00.000Z",
+		"component": {
+			"group": "pom-with-deps-no-ignore",
+			"name": "pom-with-dependency-not-ignored-common-paths",
+			"version": "0.0.1",
+			"purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1",
+			"type": "application",
+			"bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1"
+		}
+	},
+	"components": [
+		{
+			"group": "pom-with-deps-no-ignore",
+			"name": "pom-with-dependency-not-ignored-common-paths",
+			"version": "0.0.1",
+			"purl": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1",
+			"type": "application",
+			"bom-ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1"
+		},
+		{
+			"group": "org.springframework.boot",
+			"name": "spring-boot-starter",
+			"version": "2.3.5.RELEASE",
+			"purl": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
+			"type": "library",
+			"bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE"
+		},
+		{
+			"group": "org.springframework.boot",
+			"name": "spring-boot-starter-web",
+			"version": "2.3.5.RELEASE",
+			"purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
+			"type": "library",
+			"bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE"
+		},
+		{
+			"group": "io.quarkus",
+			"name": "quarkus-resteasy",
+			"version": "2.7.7.Final",
+			"purl": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final",
+			"type": "library",
+			"bom-ref": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final"
+		},
+		{
+			"group": "org.keycloak",
+			"name": "keycloak-saml-core",
+			"version": "1.8.1.Final",
+			"purl": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final",
+			"type": "library",
+			"bom-ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final"
+		},
+		{
+			"group": "io.quarkus",
+			"name": "quarkus-vertx-http",
+			"version": "2.13.5.Final",
+			"purl": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+			"type": "library",
+			"bom-ref": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final"
+		},
+		{
+			"group": "io.quarkus",
+			"name": "quarkus-jdbc-postgresql",
+			"version": "2.13.6.Final",
+			"purl": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final",
+			"type": "library",
+			"bom-ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final"
+		}
+	],
+	"dependencies": [
+		{
+			"ref": "pkg:maven/pom-with-deps-no-ignore/pom-with-dependency-not-ignored-common-paths@0.0.1",
+			"dependsOn": [
+				"pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
+				"pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
+				"pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final",
+				"pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final",
+				"pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+				"pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final"
+			]
+		},
+		{
+			"ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
+			"dependsOn": []
+		},
+		{
+			"ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
+			"dependsOn": []
+		},
+		{
+			"ref": "pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final",
+			"dependsOn": []
+		},
+		{
+			"ref": "pkg:maven/org.keycloak/keycloak-saml-core@1.8.1.Final",
+			"dependsOn": []
+		},
+		{
+			"ref": "pkg:maven/io.quarkus/quarkus-vertx-http@2.13.5.Final",
+			"dependsOn": []
+		},
+		{
+			"ref": "pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final",
+			"dependsOn": []
+		}
+	]
 }
diff --git a/...rs/tst_manifests/maven/poms_deps_with_2_ignore_long/component_analysis_expected_sbom.json b/...rs/tst_manifests/maven/poms_deps_with_2_ignore_long/component_analysis_expected_sbom.json
@@ -30,14 +30,6 @@
 			"type": "library",
 			"bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE"
 		},
-		{
-			"group": "org.springframework.boot",
-			"name": "spring-boot-starter-test",
-			"version": "2.3.5.RELEASE",
-			"purl": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE",
-			"type": "library",
-			"bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE"
-		},
 		{
 			"group": "org.springframework.boot",
 			"name": "spring-boot-starter-web",
@@ -68,7 +60,6 @@
 			"ref": "pkg:maven/com.example/demo@0.0.1-SNAPSHOT",
 			"dependsOn": [
 				"pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
-				"pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE",
 				"pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
 				"pkg:maven/io.quarkus/quarkus-resteasy@2.7.7.Final",
 				"pkg:maven/io.quarkus/quarkus-jdbc-postgresql@2.13.6.Final"
@@ -78,10 +69,6 @@
 			"ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.3.5.RELEASE",
 			"dependsOn": []
 		},
-		{
-			"ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.3.5.RELEASE",
-			"dependsOn": []
-		},
 		{
 			"ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.3.5.RELEASE",
 			"dependsOn": []

diff --git a/...ders/tst_manifests/maven/poms_deps_with_ignore_long/component_analysis_expected_sbom.json b/...ders/tst_manifests/maven/poms_deps_with_ignore_long/component_analysis_expected_sbom.json
@@ -61,22 +61,6 @@
 			"purl": "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5",
 			"type": "library",
 			"bom-ref": "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5"
-		},
-		{
-			"group": "org.springframework.boot",
-			"name": "spring-boot-starter-test",
-			"version": "2.6.7",
-			"purl": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7",
-			"type": "library",
-			"bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7"
-		},
-		{
-			"group": "org.springframework.kafka",
-			"name": "spring-kafka-test",
-			"version": "2.8.5",
-			"purl": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5",
-			"type": "library",
-			"bom-ref": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5"
 		}
 	],
 	"dependencies": [
@@ -87,9 +71,7 @@
 				"pkg:maven/io.micrometer/micrometer-registry-prometheus@1.8.5",
 				"pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.7",
 				"pkg:maven/org.apache.kafka/kafka-streams@3.0.1",
-				"pkg:maven/org.springframework.kafka/spring-kafka@2.8.5",
-				"pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7",
-				"pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5"
+				"pkg:maven/org.springframework.kafka/spring-kafka@2.8.5"
 			]
 		},
 		{
@@ -111,14 +93,6 @@
 		{
 			"ref": "pkg:maven/org.springframework.kafka/spring-kafka@2.8.5",
 			"dependsOn": []
-		},
-		{
-			"ref": "pkg:maven/org.springframework.boot/spring-boot-starter-test@2.6.7",
-			"dependsOn": []
-		},
-		{
-			"ref": "pkg:maven/org.springframework.kafka/spring-kafka-test@2.8.5",
-			"dependsOn": []
 		}
 	]
 }