Pauldorsch/reconcile dependency graph logic

microsoft / component-detection

Scans your project to determine what components you use

MIT License

396 stars 81 forks source link

Pauldorsch/reconcile dependency graph logic #1183

Closed pauld-msft closed 1 week ago

pauld-msft commented 1 week ago

This PR has a few improvements:

reconciles the dependency graph creation between the 2 pip detectors. They now use a shared method for determining valid parents. E.g. we were ignoring extra requirements for the legacy pip, but not for PipReport, but now we treat both the same.
legacy detection was dropping packages that had non lowercase letters in their METADATA file path, so added case insensitive fallback logic
handle null or empty conditional env vars gracefully by allowing the package through rather than erroring
noticed some local parallelization issues, so only enabling for pip report for right now

The test/Microsoft.ComponentDetection.VerificationTests/resources/pip/roots/requirements.txt file added in this PR has 30 diffs in main at the moment, all in the AddedRootId section of the experiment results. Now, it has 0 diffs.

github-actions[bot] commented 1 week ago

👋 Hi! It looks like you modified some files in the Detectors folder. You may need to bump the detector versions if any of the following scenarios apply:

The detector detects more or fewer components than before
The detector generates different parent/child graph relationships than before
The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

codecov[bot] commented 1 week ago

Codecov Report

Attention: Patch coverage is 63.41463% with 15 lines in your changes missing coverage. Please review.

Project coverage is 76.2%. Comparing base (2284e06) to head (84f4eac).

Files	Patch %	Lines
...ection.Detectors/pip/PipReportComponentDetector.cs	68.1%	5 Missing and 2 partials :warning:
...entDetection.Detectors/pip/PythonCommandService.cs	0.0%	5 Missing :warning:
...ft.ComponentDetection.Detectors/pip/IPyPiClient.cs	0.0%	3 Missing :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1183 +/- ## ======================================= - Coverage 76.2% 76.2% -0.1% ======================================= Files 257 257 Lines 11440 11467 +27 Branches 1147 1151 +4 ======================================= + Hits 8723 8741 +18 - Misses 2384 2394 +10 + Partials 333 332 -1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

pauld-msft commented 1 week ago

Verify snapshots are failing due to new validation test cases being added. However, if you see the checks that ran for d70d94072e9a452b0cf5d294acfb76df025a2fa0 you can view the actual diffs, which just involve changing the dependency graph as expected