Use project_purl to push scan result

Signed-off-by: Keshav Priyadarshi <[email protected]>

scanpipe/pipelines/publish_to_federatedcode.py

@@ -21,54 +21,65 @@
 # Visit https://github.com/aboutcode-org/scancode.io for support and download.
 
 
+from packageurl import PackageURL
+
 from scanpipe.pipelines import Pipeline
 from scanpipe.pipes import federatedcode
 
 
 class PublishToFederatedCode(Pipeline):
-    """Publish package scan to FederatedCode Git repository."""
+    """Publish package scan to FederatedCode."""
 
     download_inputs = False
     is_addon = True
 
     @classmethod
     def steps(cls):
         return (
-            cls.get_package,
+            cls.get_project_purl,
             cls.get_package_repository,
             cls.clone_repository,
             cls.add_scan_result,
             cls.commit_and_push_changes,
             cls.delete_local_clone,
         )
 
-    def get_package(self):
-        """Get the package associated with the scan."""
-        has_single_package_scan = any(
-            run.pipeline_name == "scan_single_package"
-            for run in self.project.runs.all()
-            if run.task_exitcode == 0
+    def get_project_purl(self):
+        """Get the PURL for the project."""
+        all_executed_pipeline_successful = all(
+            run.task_succeeded for run in self.project.runs.executed()
+        )
+
+        source_is_download_url = any(
+            source.download_url for source in self.project.inputsources.all()
         )
 
-        if not has_single_package_scan:
-            raise Exception("Run ``scan_single_package`` pipeline to get package scan.")
+        if not all_executed_pipeline_successful:
+            raise Exception("Make sure all the pipelines has completed successfully.")
 
-        if not self.project.discoveredpackages.count() == 1:
-            raise Exception("Scan should be for single package.")
+        if not source_is_download_url:
+            raise Exception("Project input should be download_url.")
 
-        if not self.project.discoveredpackages.first().version:
-            raise Exception("Scan package is missing version.")
+        if not self.project.project_purl:
+            raise Exception("Missing Project PURL.")
+
+        project_package_url = PackageURL.from_string(self.project.project_purl)
+
+        if not project_package_url.version:
+            raise Exception("Missing version in Project PURL.")
 
         configured, error = federatedcode.is_configured()
         if not configured:
             raise Exception(error)
 
-        self.package = self.project.discoveredpackages.first()
+        self.project_package_url = project_package_url
 
     def get_package_repository(self):
         """Get the Git repository URL and scan path for a given package."""
         self.package_git_repo, self.package_scan_file = (
-            federatedcode.get_package_repository(package=self.package, logger=self.log)
+            federatedcode.get_package_repository(
+                project_purl=self.project_package_url, logger=self.log
+            )
         )
 
     def clone_repository(self):
@@ -92,10 +103,13 @@ def commit_and_push_changes(self):
         federatedcode.commit_and_push_changes(
             repo=self.repo,
             file_to_commit=str(self.relative_file_path),
-            purl=self.package.purl,
+            purl=str(self.project_package_url),
             logger=self.log,
         )
-        self.log(f"Scan for '{self.package.purl}' pushed to '{self.package_git_repo}'")
+        self.log(
+            f"Scan result for '{str(self.project_package_url)}' "
+            f"pushed to '{self.package_git_repo}'"
+        )
 
     def delete_local_clone(self):
         """Remove local clone."""

scanpipe/pipes/federatedcode.py

@@ -53,13 +53,13 @@ def is_configured():
     return True, ""
 
 
-def get_package_repository(package, logger=None):
+def get_package_repository(project_purl, logger=None):
     """Return the Git repository URL and scan path for a given package."""
     FEDERATEDCODE_GIT_ACCOUNT_URL = f'{settings.FEDERATEDCODE_GIT_ACCOUNT.rstrip("/")}/'
-    package_base_dir = hashid.get_package_base_dir(purl=package.purl)
+    package_base_dir = hashid.get_package_base_dir(purl=str(project_purl))
     package_repo_name = package_base_dir.parts[0]
 
-    package_scan_path = package_base_dir / package.version / "scancodeio.json"
+    package_scan_path = package_base_dir / project_purl.version / "scancodeio.json"
     package_git_repo_url = urljoin(
         FEDERATEDCODE_GIT_ACCOUNT_URL, f"{package_repo_name}.git"
     )
@@ -124,7 +124,7 @@ def commit_and_push_changes(
 
     repo.index.add([file_to_commit])
     repo.index.commit(textwrap.dedent(commit_message))
-    repo.git.push(remote_name, default_branch)
+    repo.git.push(remote_name, default_branch, "--no-verify")
 
 
 def delete_local_clone(repo):

setup.cfg

@@ -106,7 +106,7 @@ install_requires =
     # Antivirus
     clamd==1.0.2
     # FederatedCode
-    aboutcode.hashid>=0.1.0
+    aboutcode.hashid==0.1.0
 
 [options.extras_require]
 dev =