feat: separate out npm and yarn

Signed-off-by: Tim Yarkov <[email protected]>

scripts/dev_scripts/integration_tests.sh

@@ -100,6 +100,16 @@ $RUN_MACARON analyze -rp https://github.com/uiv-lib/uiv -b dev -d 057b25b4db0913
 
 python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
 
+echo -e "\n----------------------------------------------------------------------------------"
+echo "facebook/yoga: Analysing the repo path, the branch name and the commit digest for an NPM project,"
+echo "skipping dependency resolution."
+echo -e "----------------------------------------------------------------------------------\n"
+JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/yoga/yoga.json
+JSON_RESULT=$WORKSPACE/output/reports/github_com/facebook/facebook/yoga.json
+$RUN_MACARON analyze -rp https://github.com/facebook/yoga -b main -d f8e2bc0875c145c429d0e865c9b83a40f65b3070 --skip-deps || log_fail
+
+python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail
+
 echo -e "\n----------------------------------------------------------------------------------"
 echo "sigstore/sget: Analysing the repo path, the branch name and the"
 echo "commit digest for a Go project, skipping dependency resolution."

src/macaron/config/defaults.ini

@@ -319,6 +319,20 @@ deploy_arg =
 github_actions =
     JS-DevTools/npm-publish
 
+[builder.yarn]
+entry_conf =
+    .yarnrc
+build_configs =
+    package.json
+package_lock =
+    package-lock.json
+builder =
+    yarn
+build_arg =
+    build
+deploy_arg =
+    publish
+
 [builder.go]
 entry_conf =
 build_configs =

src/macaron/slsa_analyzer/build_tool/__init__.py

@@ -3,15 +3,15 @@
 
 """The build_tool package contains the supported build tools for Macaron."""
 
-from macaron.slsa_analyzer.build_tool.go import Go
-from macaron.slsa_analyzer.build_tool.npm import NPM
-
 from .base_build_tool import BaseBuildTool
+from .go import Go
 from .gradle import Gradle
 from .maven import Maven
+from .npm import NPM
 from .pip import Pip
 from .poetry import Poetry
+from .yarn import Yarn
 
 # The list of supported build tools. The order of the list determine the order
 # in which each build tool is checked against the target repository.
-BUILD_TOOLS: list[BaseBuildTool] = [Gradle(), Maven(), Poetry(), Pip(), NPM(), Go()]
+BUILD_TOOLS: list[BaseBuildTool] = [Gradle(), Maven(), Poetry(), Pip(), NPM(), Yarn(), Go()]

src/macaron/slsa_analyzer/build_tool/npm.py

@@ -3,7 +3,7 @@
 
 """This module contains the NPM class which inherits BaseBuildTool.
 
-This module is used to work with repositories that use NPM or Yarn as its
+This module is used to work with repositories that use NPM as its
 build tool.
 """
 

src/macaron/slsa_analyzer/build_tool/yarn.py

@@ -0,0 +1,90 @@
+# Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+"""This module contains the Yarn class which inherits BaseBuildTool.
+
+This module is used to work with repositories that use Yarn as its
+build tool.
+"""
+
+from macaron.config.defaults import defaults
+from macaron.dependency_analyzer.dependency_resolver import DependencyAnalyzer, NoneDependencyAnalyzer
+from macaron.slsa_analyzer.build_tool.base_build_tool import BaseBuildTool, file_exists
+
+
+class Yarn(BaseBuildTool):
+    """This class contains the information of the yarn build tool."""
+
+    def __init__(self) -> None:
+        super().__init__(name="yarn")
+
+    def load_defaults(self) -> None:
+        """Load the default values from defaults.ini."""
+        if "builder.yarn" in defaults:
+            for item in defaults["builder.yarn"]:
+                if hasattr(self, item):
+                    setattr(self, item, defaults.get_list("builder.yarn", item))
+
+        # TODO: Find a suitable github action for Yarn
+        # if "builder.yarn.ci.deploy" in defaults:
+        #     for item in defaults["builder.yarn.ci.deploy"]:
+        #         if item in self.ci_deploy_kws:
+        #             self.ci_deploy_kws[item] = defaults.get_list("builder.yarn.ci.deploy", item)
+
+    def is_detected(self, repo_path: str) -> bool:
+        """Return True if this build tool is used in the target repo.
+
+        Parameters
+        ----------
+        repo_path : str
+            The path to the target repo.
+
+        Returns
+        -------
+        bool
+            True if this build tool is detected, else False.
+        """
+        # TODO: When more complex build detection is being implemented, consider
+        #       cases like .yarnrc existing but not package-lock.json and whether
+        #       they would still count as "detected"
+        yarn_config_files = self.build_configs + self.package_lock + self.entry_conf
+        for file in yarn_config_files:
+            if file_exists(repo_path, file):
+                return True
+
+        return False
+
+    def prepare_config_files(self, wrapper_path: str, build_dir: str) -> bool:
+        """Prepare the necessary wrapper files for running the build.
+
+        yarn doesn't require preparation, so return true.
+
+        Parameters
+        ----------
+        wrapper_path : str
+            The path where all necessary wrapper files are located.
+        build_dir : str
+            The path of the build dir. This is where all files are copied to.
+
+        Returns
+        -------
+        bool
+            True if succeed else False.
+        """
+        return True
+
+    def get_dep_analyzer(self, repo_path: str) -> DependencyAnalyzer:
+        """Create a DependencyAnalyzer for the build tool.
+
+        Parameters
+        ----------
+        repo_path: str
+            The path to the target repo.
+
+        Returns
+        -------
+        DependencyAnalyzer
+            The DependencyAnalyzer object.
+        """
+        # TODO: Implement this method.
+        return NoneDependencyAnalyzer()

tests/conftest.py

@@ -16,6 +16,7 @@
 from macaron.slsa_analyzer.build_tool.npm import NPM
 from macaron.slsa_analyzer.build_tool.pip import Pip
 from macaron.slsa_analyzer.build_tool.poetry import Poetry
+from macaron.slsa_analyzer.build_tool.yarn import Yarn
 from macaron.slsa_analyzer.ci_service.circleci import CircleCI
 from macaron.slsa_analyzer.ci_service.github_actions import GitHubActions
 from macaron.slsa_analyzer.ci_service.gitlab_ci import GitLabCI
@@ -169,6 +170,25 @@ def npm_tool(setup_test) -> NPM:  # type: ignore # pylint: disable=unused-argume
     return npm
 
 
+@pytest.fixture(autouse=True)
+def yarn_tool(setup_test) -> Yarn:  # type: ignore # pylint: disable=unused-argument
+    """Create a Yarn tool instance.
+
+    Parameters
+    ----------
+    setup_test
+        Depends on setup_test fixture.
+
+    Returns
+    -------
+    Yarn
+        The Yarn instance.
+    """
+    yarn = Yarn()
+    yarn.load_defaults()
+    return yarn
+
+
 @pytest.fixture(autouse=True)
 def go_tool(setup_test) -> Go:  # type: ignore # pylint: disable=unused-argument
     """Create a Go tool instance.