search

konveyor / analyzer-lsp

Add-on that is focused on providing analysis based on the Language Server Protocol.
Apache License 2.0
12 stars 43 forks source link

[BUG] Dependencies load fallback to invalid pom.xml #692

Open aufi opened 3 weeks ago

aufi commented 3 weeks ago

Is there an existing issue for this?

Konveyor version

latest

Priority

Minor

Current Behavior

When dependencies cannot be loaded with maven e.g. for network issues, there is a fallback to pom.xml. That file could be invalid (like https://gist.github.com/aufi/0a6fc4b30bc0b079211c46213b85ec7e). That produces error messages in analysis.log, does not populate dependencies correctly, but provides analysis result (output.yaml).

Example error messages raised by upstream analysis CI: 

 Different dependency error. Got {Resource:{ID:16 CreateUser: UpdateUser: CreateTime:2024-08-20 04:46:46.958239074 +0000 UTC} Provider:java Name:aopalliance-1.0.jar Version: Indirect:false Labels:[] SHA:}
        Expected {Resource:{ID:0 CreateUser: UpdateUser: CreateTime:0001-01-01 00:00:00 +0000 UTC} Provider:java Name:aopalliance.aopalliance Version:1.0 Indirect:false Labels:[konveyor.io/dep-source=open-source konveyor.io/language=java] SHA:0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8}.

Expected Behavior

Not really sure, could work as expected or consider fail analysis when it should have included dependencies.

How Reproducible

Always (Default)

Steps To Reproduce

  1. take a java binary app with invalid pom.xml (e.g. https://github.com/konveyor/go-konveyor-tests/blob/main/analysis/data/binary/acmeair-webapp-1.0-SNAPSHOT.war)
  2. run analysis including dependencies, e.g. for cloud-readiness target
  3. disable internet connection (enter flymode on laptop, or just switch down the network) to simulate issues with getting dependencies from internet
  4. run analysis again
  5. compare output files from steps 2 and 4:
    • check dependencies.yaml for not resolved entries (e.g. Name ending with jar)
    • check analysis.log for error messages

Environment

- not relevant, affects release-0.4 to latest (as of Aug 2024 / v0.5)
- upstream CI test: https://github.com/konveyor/go-konveyor-tests/blob/main/analysis/tc_acmeair_webapp_upload_binary.go

Anything else?

I used kantra command example for simplicity, but appears in "full" k8s Konveyor deployment too.

The acmeair webapp looks to have invalid pom.xml content, example: https://gist.github.com/aufi/0a6fc4b30bc0b079211c46213b85ec7e

konveyor-ci-bot[bot] commented 3 weeks ago

This issue is currently awaiting triage. If contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance. The triage/accepted label can be added by org members.