jhutchings1 / component-detection-action

MIT License

Invalid package urls for cocoapods #21

Open cnagadya opened 1 year ago

cnagadya commented 1 year ago

I get an error running the action on a repo with CocoaPods manifests:

[dependency-submission](https://github.com/cnagadya-testing/component-detection/actions/runs/4619540658/jobs/8168423803#step:3:4121)
invalid package url: in manifest "/test/Microsoft.ComponentDetection.VerificationTests/resources/cocoapods/simple/Podfile.lock" decoding "pkg:cocoapods/alamofire@5.4.4?%5Bobject%20Object%5D=": invalid qualifier key: '[object object]'

I did notice, though, that the Qualifiers generated by the CocoaPods detector are an object:

    "component": {
      "name": "Alamofire",
      "version": "5.4.4",
      "specRepo": "TRUNK",
      "type": "Pod",
      "id": "Alamofire 5.4.4 - Pod",
      "packageUrl": {
        "Scheme": "pkg",
        "Type": "cocoapods",
        "Namespace": null,
        "Name": "alamofire",
        "Version": "5.4.4",
        "Qualifiers": {
          "repository_url": "TRUNK"
        },
        "Subpath": null
      }
    }

compared to other detectors like Yarn or Go, where null was returned:

     ....
      "component": {
        "name": "readable-stream",
        "version": "3.6.0",
        "hash": null,
        "author": null,
        "type": "Npm",
        "id": "readable-stream 3.6.0 - Npm",
        "packageUrl": {
          "Scheme": "pkg",
          "Type": "npm",
          "Namespace": null,
          "Name": "readable-stream",
          "Version": "3.6.0",
          "Qualifiers": null,
          "Subpath": null
        }
      }
      ....
      "component": {
        "name": "github.com/sirupsen/logrus",
        "version": "v1.8.1",
        "hash": "h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=",
        "packageUrl": {
          "Scheme": "pkg",
          "Type": "golang",
          "Namespace": null,
          "Name": "github.com/sirupsen/logrus",
          "Version": "h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=",
          "Qualifiers": null,
          "Subpath": null
        },
        .....
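
The mismatch reported above, as an added example that is not part of the original issue and is not code from the action or from component-detection: `naivePurl` is a hypothetical serializer that reproduces the `%5Bobject%20Object%5D=` string from the error, and `toPurl` is one way to serialize a `packageUrl` whose `Qualifiers` is either null or a key/value map. Both function names and the sample constants (built from the JSON in the issue) are assumptions.

```javascript
// Added example; field names mirror the packageUrl JSON quoted in the issue.
const COCOAPODS = { Type: "cocoapods", Namespace: null, Name: "alamofire",
  Version: "5.4.4", Qualifiers: { repository_url: "TRUNK" }, Subpath: null };
const NPM = { Type: "npm", Namespace: null, Name: "readable-stream",
  Version: "3.6.0", Qualifiers: null, Subpath: null };

// purl qualifier keys: ASCII letters, digits, '.', '-', '_'; no leading digit.
const QUALIFIER_KEY = /^[a-z._-][a-z0-9._-]*$/;

// Hypothetical faulty serializer (an assumption, not the action's code): the
// whole Qualifiers object is coerced to a string and lands in the key position.
function naivePurl(p) {
  let purl = `pkg:${p.Type}/${p.Name}@${p.Version}`;
  if (p.Qualifiers) purl += `?${encodeURIComponent(String(p.Qualifiers))}=`;
  return purl;
}

// Serializer that treats Qualifiers as null or a string-to-string map.
function toPurl(p) {
  const enc = encodeURIComponent;
  let purl = `pkg:${p.Type.toLowerCase()}/`;
  if (p.Namespace) purl += p.Namespace.split("/").map(enc).join("/") + "/";
  purl += enc(p.Name);
  if (p.Version) purl += "@" + enc(p.Version);
  const q = p.Qualifiers;
  if (q !== null && q !== undefined) {
    if (typeof q !== "object" || Array.isArray(q)) {
      throw new TypeError("Qualifiers must be null or a key/value map");
    }
    const pairs = Object.entries(q).map(([k, v]) => {
      const key = k.toLowerCase();
      if (!QUALIFIER_KEY.test(key)) throw new Error(`invalid qualifier key: '${key}'`);
      if (typeof v !== "string") throw new TypeError(`qualifier '${key}' must be a string`);
      return [key, v];
    });
    // Empty values are dropped and keys are emitted in sorted order.
    const query = pairs.filter(([, v]) => v !== "")
      .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
      .map(([k, v]) => `${k}=${enc(v)}`).join("&");
    if (query) purl += "?" + query;
  }
  if (p.Subpath) purl += "#" + p.Subpath.split("/").map(enc).join("/");
  return purl;
}
```

Rejecting a malformed qualifier key at serialization time surfaces the problem in the tool that builds the purl rather than in the dependency-submission step that decodes it.
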

jhutchings1 commented 1 year ago

Hey @cnagadya, we should take this conversation to the microsoft/component-detection repo since they own the upstream implementation. All my action does is provide a thin wrapper around their tool. Are you good to move it there?