Make packagemanager PNPM configurable #11200
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -29,6 +29,7 @@ | |
| import org.ossreviewtoolkit.model.config.Excludes | ||
| import org.ossreviewtoolkit.model.utils.DependencyGraphBuilder | ||
| import org.ossreviewtoolkit.plugins.api.OrtPlugin | ||
| import org.ossreviewtoolkit.plugins.api.OrtPluginOption | ||
| import org.ossreviewtoolkit.plugins.api.PluginDescriptor | ||
| import org.ossreviewtoolkit.plugins.packagemanagers.node.ModuleInfoResolver | ||
| import org.ossreviewtoolkit.plugins.packagemanagers.node.NodePackageManager | ||
|
|
@@ -44,6 +45,27 @@ | |
| import org.semver4j.range.RangeList | ||
| import org.semver4j.range.RangeListFactory | ||
|
|
||
| data class PnPMConfig( | ||
| /** | ||
| * The version of PNPM to use when analyzing projects. Defaults to the version 10.24.0 | ||
| */ | ||
| val pnpmVersion: String?, | ||
|
|
||
| /** | ||
| * Ignore "pnpmfile" when analyzing projects. Defaults to "--ignore-pnpmfile" | ||
|
Member
There was a problem hiding this comment. If the KDoc mention the default value, it should imho use the Boolean type. |
||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_pnpmfile: Boolean, | ||
|
Member
There was a problem hiding this comment. Please stick to camel-case option names.
Comment on lines
+54
to
+58
Check warningCode scanning / detekt Constructor parameter names should follow the naming convention set in the projects configuration. Warning Check noticeCode scanning / QDJVMC Property naming convention Note |
||
|
|
||
| /** | ||
| * Ignore "pnpmfile" when analyzing projects. Defaults to ""--ignore-scripts" | ||
| */ | ||
| @OrtPluginOption(defaultValue = "true") | ||
| val ignore_scripts: Boolean, | ||
|
Member
There was a problem hiding this comment. Would you have a rationale, why this needs to be configurable?
Member
There was a problem hiding this comment.
I've seen cases where scripts generate files for other package managers in a multi-package-manager-setup.
Member
There was a problem hiding this comment. Can you please share one such case? And also, are you sure this realted to
Member
There was a problem hiding this comment.
Unfortunately not, it has been a private repository. But this project has a similar concept where
I'm not sure, but the docs are very generic and say "Do not execute any scripts defined in the project
I'm not sure what that means. There certainly are project setups where you need to know in which order to build things to get the right results, i.e. use ORT's What's the problem with making this configurable?
Author
There was a problem hiding this comment. In our case, the pnpmfile-mechanism is used to generate code during the build. The pnpm install won't work with --ignore-pnpmfile. I added the second variable only for completness.
Member
There was a problem hiding this comment.
If it's needed to make it configurable, there is no problem at all.
Member
There was a problem hiding this comment. How is the need for
Member
There was a problem hiding this comment. I guess we generally should make things configurable if they deviate from the package manager's default. PNPM's default is to not ignore scripts, and if we'd hard-code to do ignore script, that might be different from what users expect.
Member
There was a problem hiding this comment.
I believe we used to follow the rule to make things configurable only if needed, and not if it deviates from default.
Comment on lines
+60
to
+64
Check warningCode scanning / detekt Constructor parameter names should follow the naming convention set in the projects configuration. Warning Check warningCode scanning / detekt Rule to mandate/forbid trailing commas at declaration sites Warning Check noticeCode scanning / QDJVMC Property naming convention Note |
||
|
|
||
|
|
||
Check warningCode scanning / detekt Reports consecutive blank lines Warning Check warningCode scanning / detekt Detects trailing spaces Warning |
||
| ) | ||
|
|
||
| internal object PnpmCommand : CommandLineTool { | ||
| override fun command(workingDir: File?) = if (Os.isWindows) "pnpm.cmd" else "pnpm" | ||
|
|
||
|
|
@@ -62,8 +84,9 @@ | |
| description = "The PNPM package manager for Node.js.", | ||
| factory = PackageManagerFactory::class | ||
| ) | ||
| class Pnpm(override val descriptor: PluginDescriptor = PnpmFactory.descriptor, private val config: PnPMConfig) : | ||
Check warningCode scanning / detekt Detects trailing spaces Warning |
||
| NodePackageManager(NodePackageManagerType.PNPM) { | ||
|
|
||
Check warningCode scanning / detekt Detects trailing spaces Warning |
||
| override val globsForDefinitionFiles = listOf(NodePackageManagerType.DEFINITION_FILE) | ||
|
|
||
| private val moduleInfoResolver = ModuleInfoResolver.create { workingDir, moduleId -> | ||
|
|
@@ -146,10 +169,11 @@ | |
| } | ||
|
|
||
| private fun installDependencies(workingDir: File, scopes: Collection<Scope>) { | ||
|
|
||
Check warningCode scanning / detekt Reports methods that have an empty first line. Warning Check warningCode scanning / detekt Detects trailing spaces Warning |
||
| val args = listOfNotNull( | ||
| "install", | ||
| "--ignore-pnpmfile".takeIf { config.ignore_pnpmfile }, | ||
| "--ignore-scripts".takeIf { config.ignore_scripts }, | ||
| "--frozen-lockfile", // Use the existing lockfile instead of updating an outdated one. | ||
| "--prod".takeUnless { Scope.DEV_DEPENDENCIES in scopes } | ||
| ) | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be unused.