diff --git a/Changelog.md b/Changelog.md index b4e95c7fb1..199faee898 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,8 @@ # FOSSA CLI Changelog +## v3.8.2 +- Poetry: Defaults `category` to `main` if not present in lockfile. ([#1211](https://github.com/fossas/fossa-cli/pull/1211)) + ## v3.8.1 - Setup.py: Fixes an defect with `setup.py` parser, caused by failing to account for line comments or backslash. ([#1191](https://github.com/fossas/fossa-cli/pull/1191)) - Installation: `install-latest.sh` now directs `curl` and `wget` to pass `Cache-Control: no-cache` headers to the server. ([#1206](https://github.com/fossas/fossa-cli/pull/1206)) diff --git a/docs/references/strategies/languages/python/poetry.md b/docs/references/strategies/languages/python/poetry.md index e999a601c0..728ec96226 100644 --- a/docs/references/strategies/languages/python/poetry.md +++ b/docs/references/strategies/languages/python/poetry.md @@ -16,7 +16,7 @@ We parse `pyproject.toml` to find direct dependencies and their [version constra If `poetry.lock` file is discovered, following will be analyzed from lockfile to supplement the analyses: - `[package.dependencies]` - package's dependencies -- `package.category` - package's environment (dev, test, etc.) +- `package.category` - package's environment (dev, test, etc.). If not present, defaults to `main`. - `package.name` - name of the package - `package.version` - resolved version of the package diff --git a/src/Strategy/Python/Poetry/Common.hs b/src/Strategy/Python/Poetry/Common.hs index e80de5f098..4ca54a66b6 100644 --- a/src/Strategy/Python/Poetry/Common.hs +++ b/src/Strategy/Python/Poetry/Common.hs 
@@ -202,7 +202,14 @@ toMap pkgs = Map.fromList $ (\x -> (canonicalPkgName x, toDependency x)) <$> (fi toDepEnvironment :: PoetryLockPackage -> DepEnvironment toDepEnvironment pkg = case poetryLockPackageCategory pkg of - "dev" -> EnvDevelopment - "main" -> EnvProduction - "test" -> EnvTesting - other -> EnvOther other + Just category -> case category of + "dev" -> EnvDevelopment + "main" -> EnvProduction + "test" -> EnvTesting + other -> EnvOther other + Nothing -> defaultDepEnvironment + + defaultDepEnvironment :: DepEnvironment + -- Poetry made this field optional. When not present, it defaults to `main`, which maps to `EnvProduction`. + -- https://github.com/python-poetry/poetry/pull/7637 + defaultDepEnvironment = EnvProduction diff --git a/src/Strategy/Python/Poetry/PoetryLock.hs b/src/Strategy/Python/Poetry/PoetryLock.hs index 73c53bfc93..df598a9bed 100644 --- a/src/Strategy/Python/Poetry/PoetryLock.hs +++ b/src/Strategy/Python/Poetry/PoetryLock.hs @@ -29,8 +29,10 @@ newtype PackageName = PackageName {unPackageName :: Text} deriving (Eq, Ord, Sho poetryLockCodec :: TomlCodec PoetryLock poetryLockCodec = PoetryLock - <$> Toml.list poetryLockPackageCodec "package" .= poetryLockPackages - <*> Toml.table poetryMetadataCodec "metadata" .= poetryLockMetadata + <$> Toml.list poetryLockPackageCodec "package" + .= poetryLockPackages + <*> Toml.table poetryMetadataCodec "metadata" + .= poetryLockMetadata -- | Metadata of poetry lock file. data PoetryMetadata = PoetryMetadata 
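Review bot: In `toDepEnvironment` (Common.hs), the new `Nothing -> defaultDepEnvironment` branch labels every package without a `category` as `EnvProduction`, so for lockfiles that omit the field, development-only and test-only packages are reported as production dependencies. That over-reports rather than hides packages, which is the safer direction for a dependency scanner, but the comment should say so, e.g. `-- Without a category dev/test packages cannot be told apart, so everything is treated as production (over-reports rather than drops dependencies).` The comment also sits between the type signature and the definition; placing it above `defaultDepEnvironment :: DepEnvironment` as a `-- |` comment would match the Haddock style visible in PoetryLock.hs. As a style point, the nested `case` can be flattened into `Just "dev" -> EnvDevelopment`, …, `Just other -> EnvOther other`, `Nothing -> defaultDepEnvironment`.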
@@ -43,9 +45,12 @@ data PoetryMetadata = PoetryMetadata poetryMetadataCodec :: TomlCodec PoetryMetadata poetryMetadataCodec = PoetryMetadata - <$> Toml.text "lock-version" .= poetryMetadataLockVersion - <*> Toml.text "content-hash" .= poetryMetadataContentHash - <*> Toml.text "python-versions" .= poetryMetadataPythonVersions + <$> Toml.text "lock-version" + .= poetryMetadataLockVersion + <*> Toml.text "content-hash" + .= poetryMetadataContentHash + <*> Toml.text "python-versions" + .= poetryMetadataPythonVersions -- | A PoetryLockPackageSource represents [package.source] field in poetry.lock. -- Source indicates from where the package was retrieved. @@ -61,7 +66,7 @@ data PoetryLockPackageSource = PoetryLockPackageSource data PoetryLockPackage = PoetryLockPackage { poetryLockPackageName :: PackageName , poetryLockPackageVersion :: Text - , poetryLockPackageCategory :: Text + , poetryLockPackageCategory :: Maybe Text , poetryLockPackageOptional :: Bool , poetryLockPackagePythonVersions :: Text , poetryLockPackageDependencies :: Map Text PoetryLockDependencySpec 
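Review bot: In the `PoetryLockPackage` record, `poetryLockPackageCategory :: Maybe Text` carries no comment saying what `Nothing` means; that meaning is defined only in `toDepEnvironment` in Common.hs. A field comment such as `-- ^ Absent when the lockfile omits it; consumers treat Nothing as "main".` would keep the contract next to the type. The record declaration continues past the end of this hunk.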
@@ -72,21 +77,32 @@ data PoetryLockPackage = PoetryLockPackage poetryLockPackageCodec :: TomlCodec PoetryLockPackage poetryLockPackageCodec = PoetryLockPackage - <$> Toml.diwrap (Toml.text "name") .= poetryLockPackageName - <*> Toml.text "version" .= poetryLockPackageVersion - <*> Toml.text "category" .= poetryLockPackageCategory - <*> Toml.bool "optional" .= poetryLockPackageOptional - <*> Toml.text "python-versions" .= poetryLockPackagePythonVersions - <*> Toml.tableMap Toml._KeyText poetryLockPackagePoetryLockDependencySpecCodec "dependencies" .= poetryLockPackageDependencies - <*> Toml.dioptional (Toml.table poetryLockPackageSourceCodec "source") .= poetryLockPackageSource + <$> Toml.diwrap (Toml.text "name") + .= poetryLockPackageName + <*> Toml.text "version" + .= poetryLockPackageVersion + <*> Toml.dioptional (Toml.text "category") + .= poetryLockPackageCategory + <*> Toml.bool "optional" + .= poetryLockPackageOptional + <*> Toml.text "python-versions" + .= poetryLockPackagePythonVersions + <*> Toml.tableMap Toml._KeyText poetryLockPackagePoetryLockDependencySpecCodec "dependencies" + .= poetryLockPackageDependencies + <*> Toml.dioptional (Toml.table poetryLockPackageSourceCodec "source") + .= poetryLockPackageSource poetryLockPackageSourceCodec :: TomlCodec PoetryLockPackageSource poetryLockPackageSourceCodec = PoetryLockPackageSource - <$> Toml.text "type" .= poetryLockPackageSourceType - <*> Toml.text "url" .= poetryLockPackageSourceUrl - <*> Toml.dioptional (Toml.text "reference") .= poetryLockPackageSourceReference - <*> Toml.dioptional (Toml.text "resolved_reference") .= poetryLockPackageSourceResolvedReference + <$> Toml.text "type" + .= poetryLockPackageSourceType + <*> Toml.text "url" + .= poetryLockPackageSourceUrl + <*> Toml.dioptional (Toml.text "reference") + .= poetryLockPackageSourceReference + <*> Toml.dioptional (Toml.text "resolved_reference") + .= poetryLockPackageSourceResolvedReference data PoetryLockDependencySpec = TextVersion Text 
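Review bot: In `poetryLockPackageCodec`, `Toml.dioptional (Toml.text "category")` probably accepts more than a missing key: as far as I can tell `dioptional` yields `Nothing` whenever the inner codec fails, so a `category` of the wrong TOML type would also decode to `Nothing` and then be treated as `main`. If that is intended, a comment on the line would record it, e.g. `-- category is optional in poetry.lock; an unreadable value also decodes to Nothing`. This is the only functional change in the hunk; the rest is formatter reflow of `.=` onto its own line, which would be easier to review as a separate commit.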
@@ -102,7 +118,8 @@ newtype ObjectVersion = ObjectVersion objectVersionCodec :: TomlCodec ObjectVersion objectVersionCodec = ObjectVersion - <$> Toml.text "version" .= unObjectVersion + <$> Toml.text "version" + .= unObjectVersion matchTextVersion :: PoetryLockDependencySpec -> Maybe Text matchTextVersion (TextVersion version) = Just version diff --git a/test/Python/Poetry/CommonSpec.hs b/test/Python/Poetry/CommonSpec.hs index 353677da0b..9769e581a7 100644 --- a/test/Python/Poetry/CommonSpec.hs +++ b/test/Python/Poetry/CommonSpec.hs @@ -111,7 +111,7 @@ notSupportedPoetryLockDependency = PoetryLockPackage { poetryLockPackageName = PackageName "pkgSourcedFromFile" , poetryLockPackageVersion = "1.1.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -184,7 +184,7 @@ spec = do [ PoetryLockPackage { poetryLockPackageName = PackageName "pkgOne" , poetryLockPackageVersion = "1.21.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.fromList @@ -216,7 +216,7 @@ spec = do [ PoetryLockPackage { poetryLockPackageName = PackageName "pkgWithGitSource" , poetryLockPackageVersion = "5.22.0.post0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -243,7 +243,7 @@ spec = do [ PoetryLockPackage { poetryLockPackageName = PackageName "pkgSourcedFromUrl" , poetryLockPackageVersion = "3.92.1" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" 
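Review bot: The fixtures in test/Python/Poetry/CommonSpec.hs are all switched to `Just "main"` (the hunks at old lines 111, 184, 216 and 243 here, and 270 and 285 further down), so none of the visible hunks drives a `Nothing` category through `toDepEnvironment`. The new default branch appears to be covered only indirectly, by the parser expectations in PoetryLockSpec. Consider adding one fixture with `poetryLockPackageCategory = Nothing` and asserting that the resulting dependency lands in the production environment, plus one with `Just "dev"` to pin that an explicit category still takes precedence. The spec bodies lie outside these hunks, so an existing case may already cover this.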
@@ -270,7 +270,7 @@ spec = do [ PoetryLockPackage { poetryLockPackageName = PackageName "pkgSourcedFromFile" , poetryLockPackageVersion = "1.21.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -285,7 +285,7 @@ spec = do [ PoetryLockPackage { poetryLockPackageName = PackageName "myprivatepkg" , poetryLockPackageVersion = "0.0.1" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = ">=3.6" diff --git a/test/Python/Poetry/PoetryLockSpec.hs b/test/Python/Poetry/PoetryLockSpec.hs index bcb51dc239..a1e0e8c9fe 100644 --- a/test/Python/Poetry/PoetryLockSpec.hs +++ b/test/Python/Poetry/PoetryLockSpec.hs @@ -35,7 +35,7 @@ expectedPoetryLock = [ PoetryLockPackage { poetryLockPackageName = PackageName "pkgWithGitSource" , poetryLockPackageVersion = "5.22.0.post0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "some_other_category" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -51,7 +51,7 @@ expectedPoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "pkgSourcedFromFile" , poetryLockPackageVersion = "1.21.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -67,7 +67,7 @@ expectedPoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "pkgSourcedFromUrl" , poetryLockPackageVersion = "3.92.1" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Nothing , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" 
@@ -83,7 +83,7 @@ expectedPoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "pkgOne" , poetryLockPackageVersion = "1.21.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Nothing , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.fromList @@ -103,7 +103,7 @@ expectedPoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "pkgOneChildofOne" , poetryLockPackageVersion = "11.4" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Nothing , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -112,7 +112,7 @@ expectedPoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "pkgTwoChildofOne" , poetryLockPackageVersion = "5.4" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Nothing , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -121,7 +121,7 @@ expectedPoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "pkgThreeChildofOne" , poetryLockPackageVersion = "1.6.1" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Nothing , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -130,7 +130,7 @@ expectedPoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "myprivatepkg" , poetryLockPackageVersion = "0.0.1" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Nothing , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = ">=3.6" diff --git a/test/Python/Poetry/testdata/poetry.lock b/test/Python/Poetry/testdata/poetry.lock index 631e084830..cf2ad7b5fa 100644 --- a/test/Python/Poetry/testdata/poetry.lock +++ b/test/Python/Poetry/testdata/poetry.lock 
@@ -1,7 +1,7 @@ # Sourced from git repository [[package]] -category = "main" +category = "some_other_category" description = "some package with git source" name = "pkgWithGitSource" optional = false @@ -31,7 +31,6 @@ url = "pkgTwo-1.21.0.tar.gz" # Sourced from url [[package]] -category = "main" description = "some package three" name = "pkgSourcedFromUrl" optional = false @@ -43,7 +42,6 @@ type = "url" url = "https://some-url.com/some-dir/pkgThree-3.92.1.tar.gz" [[package]] -category = "main" description = "some package one" name = "pkgOne" optional = false @@ -61,7 +59,6 @@ pkgTwoChildofOne = {version = "5.4", markers = "extra == \"idna2008\""} # Resolved dependencies of pkgOne [[package]] -category = "main" description = "description of pkgOneChildofOne" name = "pkgOneChildofOne" optional = false @@ -69,7 +66,6 @@ python-versions = "*" version = "11.4" [[package]] -category = "main" description = "description of pkgTwoChildofOne" name = "pkgTwoChildofOne" optional = false @@ -77,7 +73,6 @@ python-versions = "*" version = "5.4" [[package]] -category = "main" description = "description of pkgThreeChildofOne" name = "pkgThreeChildofOne" optional = false @@ -85,7 +80,6 @@ python-versions = "*" version = "1.6.1" [[package]] -category = "main" description = "A small example package" name = "myprivatepkg" optional = false diff --git a/test/Python/PoetrySpec.hs b/test/Python/PoetrySpec.hs index db2875b1be..66f15de435 100644 --- a/test/Python/PoetrySpec.hs +++ b/test/Python/PoetrySpec.hs @@ -36,7 +36,7 @@ candidatePoetryLock = [ PoetryLockPackage { poetryLockPackageName = PackageName "flow_pipes" , poetryLockPackageVersion = "1.21.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.fromList [("flow_pipes_gravity", TextVersion "^1.1")] , poetryLockPackagePythonVersions = "*" 
@@ -45,7 +45,7 @@ candidatePoetryLock = , PoetryLockPackage { poetryLockPackageName = PackageName "flow_pipes_gravity" , poetryLockPackageVersion = "1.1.1" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -83,7 +83,7 @@ spec = do [ PoetryLockPackage { poetryLockPackageName = PackageName "somePkg" , poetryLockPackageVersion = "1.21.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*" @@ -99,7 +99,7 @@ spec = do [ PoetryLockPackage { poetryLockPackageName = PackageName "somePkg" , poetryLockPackageVersion = "1.21.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.fromList [("pkgOneChildOne", TextVersion "*")] , poetryLockPackagePythonVersions = "*" @@ -108,7 +108,7 @@ spec = do , PoetryLockPackage { poetryLockPackageName = PackageName "pkgOneChildOne" , poetryLockPackageVersion = "1.22.0" - , poetryLockPackageCategory = "main" + , poetryLockPackageCategory = Just "main" , poetryLockPackageOptional = False , poetryLockPackageDependencies = Map.empty , poetryLockPackagePythonVersions = "*"