Inspect_manifest pipeline error for get_manifest_inputs() #1034

mjherzog · 2023-12-20T19:41:03Z

Describe the bug
I uploaded a tar.gz archive of SCWB 4.0 for an SCIO project with the inspect_manifest pipeline. The archive contains 2 manifest files: package.json and package-lock.json.

The pipeline failed with the error:

No package type found for /var/scancodeio/workspace/projects/scwb-packages-test-02-aa820b26/input/scancode-workbench-4.0.0.tar.gz

Traceback:
  File "/opt/scancodeio/scanpipe/pipelines/__init__.py", line 120, in execute
    step(self)
  File "/opt/scancodeio/scanpipe/pipelines/inspect_manifest.py", line 67, in get_packages_from_manifest
    packages = resolve.resolve_packages(input_location)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/scancodeio/scanpipe/pipes/resolve.py", line 49, in resolve_packages
    raise Exception(f"No package type found for {input_location}")

I also created a project where I uploaded just the package-lock.json file and that worked.

System configuration

Which version of ScanCode.io are you running? v3.5.2
Are you running the app using Docker? Yes
On which OS? Ubuntu

Expected behavior
I expected the inspect_manifest pipeline to find the package-lock.json file in the archive and report the npm packages (1448).

The text was updated successfully, but these errors were encountered:

The inspect_manifest pipeline is now renamed to inspect_manifests and this supports uploading a whole package/codebase archive to find manifests and resolve all packages in them, as opposed to supporting only manifests to be uploaded. Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

tdruez · 2023-12-21T20:43:37Z

@mjherzog you can upload both unarchived files as a workaround.

mjherzog · 2023-12-22T00:10:56Z

I already did that and it worked, but we cannot expect a team to manually find and upload the manifest files in a codebase. This needs to be automated and the current doc indicates that the pipeline should handle the extraction.

The inspect_manifest pipeline is now renamed to inspect_manifests and this supports uploading a whole package/codebase archive to find manifests and resolve all packages in them, as opposed to supporting only manifests to be uploaded. Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

pombredanne · 2023-12-30T09:02:54Z

I think what we need mostly is a way to inspect a codebase for packages only.

inspect_manifest should inspect an archive, BUT
the archive may contain more than manifests, so we need really something different

Here is the plan I suggest:

rename inspect_manifest to inspect_packages Rename multiple pipelines #1044 #1053 with a description that this inspects application package manifests and lockfiles and creates package and dependencies accordingly. Get it to do the equivalent of a scancode --package or the upcoming scancode --purl
create a new pipeline resolve_dependencies that will resolve deps with inspectors (only on pypi for now) and only do this, nothing else (this will not have any steps otherwise)
drop scan_codebase_packages that has a confusing name and would now be the same as inspect_packages

* Add support for codebase/packages in inspect_manifest The inspect_manifest pipeline is now renamed to inspect_manifests and this supports uploading a whole package/codebase archive to find manifests and resolve all packages in them, as opposed to supporting only manifests to be uploaded. Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Add test for archives as inspect_manifest input Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Address review feedback Reference: #1037 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> --------- Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

Signed-off-by: tdruez <tdruez@nexb.com>

Remove scan_codebase_packages pipeline, and restructure inspect_packages pipeline into load_sbom and resolve_packages pipelines. Reference: #1035 Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Restructure pipelines for verbosity Remove scan_codebase_packages pipeline, and restructure inspect_packages pipeline into load_sbom and resolve_packages pipelines. Reference: #1035 Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Refactor functions and improve docstrings Reference: #1074 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Add unittests for new functions Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Update docs and add CHANGELOG entry Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> * Improve docstrings for pipelines Suggested-by: Philippe Ombredanne <pombredanne@nexb.com> Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com> --------- Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

mjherzog added bug Something isn't working high priority labels Dec 20, 2023

AyanSinhaMahapatra self-assigned this Dec 20, 2023

AyanSinhaMahapatra added a commit that referenced this issue Dec 22, 2023

Add test for archives as inspect_manifest input

2e3c71e

Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

AyanSinhaMahapatra added a commit that referenced this issue Dec 22, 2023

Add test for archives as inspect_manifest input

aaf130c

Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

AyanSinhaMahapatra added a commit that referenced this issue Dec 22, 2023

Add test for archives as inspect_manifest input

fd3c8ba

Reference: #1034 Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

AyanSinhaMahapatra mentioned this issue Dec 22, 2023

Update inspect_manifest to accept archives #1037

Merged

tdruez added a commit that referenced this issue Jan 25, 2024

Fix docstring summary for the InspectPackages pipeline #1034

71f33c7

Signed-off-by: tdruez <tdruez@nexb.com>

tdruez added a commit that referenced this issue Feb 8, 2024

Fix some failing unit tests #1034

69d88fa

Signed-off-by: tdruez <tdruez@nexb.com>

AyanSinhaMahapatra mentioned this issue Feb 9, 2024

Restructure pipelines for verbosity #1074

Merged

AyanSinhaMahapatra linked a pull request Feb 12, 2024 that will close this issue

Restructure pipelines for verbosity #1074

Merged

tdruez closed this as completed in #1074 Feb 14, 2024

swastkk mentioned this issue Mar 2, 2024

Rethink current CHANGELOG as Release Notes #1075

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Inspect_manifest pipeline error for get_manifest_inputs() #1034

Inspect_manifest pipeline error for get_manifest_inputs() #1034

mjherzog commented Dec 20, 2023

tdruez commented Dec 21, 2023

mjherzog commented Dec 22, 2023 •

edited

pombredanne commented Dec 30, 2023 •

edited by AyanSinhaMahapatra

Inspect_manifest pipeline error for get_manifest_inputs() #1034

Inspect_manifest pipeline error for get_manifest_inputs() #1034

Comments

mjherzog commented Dec 20, 2023

tdruez commented Dec 21, 2023

mjherzog commented Dec 22, 2023 • edited

pombredanne commented Dec 30, 2023 • edited by AyanSinhaMahapatra

mjherzog commented Dec 22, 2023 •

edited

pombredanne commented Dec 30, 2023 •

edited by AyanSinhaMahapatra