Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't clean sub directories if Tech not supporting Multi Module #255

Merged
merged 3 commits into from
Jan 20, 2025
Merged

Don't clean sub directories if Tech not supporting Multi Module #255

merged 3 commits into from
Jan 20, 2025
+68 −10

Conversation

attiasas
Copy link
Contributor

@attiasas attiasas commented Dec 1, 2024
edited
Loading

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • Updated the Contributing page / ReadMe page / CI Workflow files if needed.
  • All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

We support multi-module projects for the following technologies: Maven, Gradle, Nuget andDotnet

Example of Multi-Module Project Structure

Consider the following project structure:

/project-root/
├── pom.xml             // Maven Parent Module
├── module1/
│   ├── pom.xml          // Maven
│   └── src/
└── module2/
    ├── build.gradle     // Gradle
    └── src/

In this case, we will detect the following targets:

  • project-root (Maven)
  • project-root/module2 (Gradle)

While detecting the dependencies, the dependencies from project-root/module1 will be included in the dependency tree of the parent module (project-root). Therefore, all Maven dependencies in module1 will be incorporated into the analysis.

Support for Other Technologies

For other technologies, such as NPM and Go , we do not support a multi-module structure, but we still clean subdirectories that contain the same type of technology.

This PR addresses the issues associated with these technologies and improves the dependency detection process.

To revert to the old behavior (clean sub dirs from the same tech) for the technologies that do not support multi-module you can pass a new environment variable

JFROG_CLI_CLEAN_SUB_MODULES=TRUE

Consider the following project structure:

/project-root/
├── package.json         // NPM
├── go.mod               // Go
└── directory/
    └── package.json     // NPM

The following targets will be detected:

  • project-root (Npm)
  • project-root (Go)
  • project-root/directory (Npm)

While we do not support multi-module structures for certain technologies, we ensure that subdirectories are effectively cleaned based on their respective technology (for example, NPM ).

@attiasas attiasas added bug Something isn't working safe to test Approve running integration tests on a pull request labels Dec 1, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 1, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Jan 20, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Jan 20, 2025
@github-actions GitHub Actions
Copy link

👍 Frogbot scanned this pull request and did not find any new security issues.

@github-actions GitHub Actions
Copy link

Merging this branch will not change overall coverage

Impacted Packages Coverage Δ 🤖
github.com/jfrog/jfrog-cli-security/utils/techutils 0.00% (ø)
Coverage by file

Changed files (no unit tests)

Changed File Coverage Δ Total Covered Missed 🤖
github.com/jfrog/jfrog-cli-security/utils/techutils/techutils.go 0.00% (ø) 0 0 0

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

Changed unit test files

  • github.com/jfrog/jfrog-cli-security/utils/techutils/techutils_test.go

@attiasas attiasas merged commit 13e8056 into jfrog:dev Jan 20, 2025
56 checks passed
@attiasas attiasas deleted the dont_clean_sub_dir_tech_not_multi_module branch January 20, 2025 11:19
@attiasas attiasas mentioned this pull request Jan 22, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eranturgeman eranturgeman eranturgeman approved these changes

@hadarshjfrog hadarshjfrog Awaiting requested review from hadarshjfrog

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@attiasas @eranturgeman