Remove update_from_data method #447

    * We never run into the situation where we are updating a DiscoveredDependency when scanning packages
    * Clean up migrations

Signed-off-by: Jono Yang <jyang@nexb.com>

scanpipe/migrations/0019_codebaseresource_package_data_discovereddependency.py

@@ -1,4 +1,4 @@
-# Generated by Django 4.0.6 on 2022-07-20 23:58
+# Generated by Django 4.0.6 on 2022-07-27 01:11
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -15,15 +15,15 @@ class Migration(migrations.Migration):
         migrations.AddField(
             model_name='codebaseresource',
             name='package_data',
-            field=models.JSONField(blank=True, default=dict, help_text='List of Package data detected from this CodebaseResource'),
+            field=models.JSONField(blank=True, default=list, help_text='List of Package data detected from this CodebaseResource'),
         ),
         migrations.CreateModel(
             name='DiscoveredDependency',
             fields=[
                 ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                 ('purl', models.CharField(help_text='The Package URL of this dependency.', max_length=1024)),
-                ('extracted_requirement', models.CharField(help_text='The version requirements of this dependency.', max_length=32)),
-                ('scope', models.CharField(help_text='The scope of this dependency, how it is used in a project.', max_length=32)),
+                ('extracted_requirement', models.CharField(help_text='The version requirements of this dependency.', max_length=64)),
+                ('scope', models.CharField(help_text='The scope of this dependency, how it is used in a project.', max_length=64)),
                 ('is_runtime', models.BooleanField(default=False)),
                 ('is_optional', models.BooleanField(default=False)),
                 ('is_resolved', models.BooleanField(default=False)),

scanpipe/models.py

@@ -1483,7 +1483,7 @@ class Compliance(models.TextChoices):
     )
 
     package_data = models.JSONField(
-        default=dict,
+        default=list,
         blank=True,
         help_text=_("List of Package data detected from this CodebaseResource"),
     )
@@ -1982,42 +1982,14 @@ class DiscoveredDependency(
     @classmethod
     def create_from_data(cls, project, dependency_data):
         """
-        Creates and returns a DiscoveredPackage for a `project` from the `dependency_data`.
+        Creates and returns a DiscoveredDependency for a `project` from the `dependency_data`.
         """
         if "resolved_package" in dependency_data:
             dependency_data.pop("resolved_package")
         discovered_dependency = cls(project=project, **dependency_data)
         discovered_dependency.save()
         return discovered_dependency
 
-    def update_from_data(self, dependency_data):
-        """
-        Update this discovered dependency instance with the provided `dependency_data`.
-        The `save()` is called only if at least one field was modified.
-        """
-        model_fields = DiscoveredPackage.model_fields()
-        updated_fields = []
-
-        for field_name, value in dependency_data.items():
-            skip_reasons = [
-                not value,
-                field_name not in model_fields,
-            ]
-            if any(skip_reasons):
-                continue
-
-            current_value = getattr(self, field_name, None)
-            if not current_value:
-                setattr(self, field_name, value)
-                updated_fields.append(field_name)
-            elif current_value != value:
-                pass  # TODO: handle this case
-
-        if updated_fields:
-            self.save()
-
-        return updated_fields
-
 
 class WebhookSubscription(UUIDPKModel, ProjectRelatedModel):
     target_url = models.URLField(_("Target URL"), max_length=1024)

scanpipe/pipes/__init__.py

@@ -105,29 +105,6 @@ def update_or_create_package(project, package_data, codebase_resource=None):
     return package
 
 
-def update_or_create_dependencies(project, dependency_data):
-    """
-    Gets, updates or creates a DiscoveredDependency then returns it.
-    Uses the `project` and `dependency_data` mapping to lookup and creates the
-    DiscoveredDependency using its dependency_uid and for_package_uid as a unique key.
-    """
-    try:
-        dependency = DiscoveredDependency.objects.get(
-            project=project,
-            dependency_uid=dependency_data.get("dependency_uid"),
-            for_package_uid=dependency_data.get("for_package_uid"),
-        )
-    except DiscoveredDependency.DoesNotExist:
-        dependency = None
-
-    if dependency:
-        dependency.update_from_data(dependency_data)
-    else:
-        dependency = DiscoveredDependency.create_from_data(project, dependency_data)
-
-    return dependency
-
-
 def analyze_scanned_files(project):
     """
     Sets the status for CodebaseResource to unknown or no license.

scanpipe/pipes/scancode.py

@@ -44,7 +44,7 @@
 from scancode import cli as scancode_cli
 
 from scanpipe import pipes
-from scanpipe.pipes.codebase import ProjectCodebase
+from scanpipe.models import DiscoveredDependency
 from scanpipe.models import CodebaseResource
 
 logger = logging.getLogger("scanpipe.pipes")
@@ -385,7 +385,7 @@ def assemble_packages(project):
                     pipes.update_or_create_package(project, package_data)
                 elif isinstance(item, packagedcode_models.Dependency):
                     dependency_data = item.to_dict()
-                    pipes.update_or_create_dependencies(project, dependency_data)
+                    _ = DiscoveredDependency.create_from_data(project, dependency_data)
                 elif isinstance(item, CodebaseResource):
                     seen_resource_paths.add(item.path)
                 else: