oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0
1.6k stars 309 forks source link

Allow multiple package-configurations with same ID and provenance #6972

Open MarcelBochtler opened 1 year ago

MarcelBochtler commented 1 year ago

At the moment ORT does not allow package-configurations with the same ID and provenance, and throws an exception:

https://github.com/oss-review-toolkit/ort/blob/4e2f276fa5a459d05f30a69d34e6c38ae3f3135b/model/src/main/kotlin/utils/SimplePackageConfigurationProvider.kt#L74-L79

As package-configurations can be set up in multiple locations (.ort.yml and the directory given to --package-configurations-dir), it should be allowed to have multiple package-configurations with the same matchers.

For curations, this already works as expected, and the logic is to use the one from .ort.yml first, and the one configured for ORT afterward.

sschuberth commented 1 year ago

Very much related to https://github.com/oss-review-toolkit/ort/issues/6873.

sschuberth commented 4 months ago

As discussed @MarcelBochtler, please verify whether your use-case still makes use of SimplePackageConfigurationProvider and its check:

https://github.com/oss-review-toolkit/ort/blob/811daef3d35abb440a1ad044bcbf14738fc95767/plugins/package-configuration-providers/api/src/main/kotlin/SimplePackageConfigurationProvider.kt#L47-L58

sschuberth commented 4 months ago

I can confirm that the issue is still there. With the OrtConfig package configuration provider enabled in addition to our own one (implemented in a plugin) I get:

10:33:18.323 [main] INFO  org.ossreviewtoolkit.plugins.commands.api.utils.ExtensionsKt - Read ORT result from 'current-result.yml' (71.69 MiB) in 4.012595895s.
Exception in thread "main" java.lang.IllegalArgumentException: There must be at most one package configuration per Id and provenance, but found multiple for:
  Key(id=Identifier(type=Maven, namespace=org.apache.commons, name=commons-compress, version=1.26.2), sourceArtifactUrl=null, vcsMatcher=VcsMatcher(type=Git, url=https://gitbox.apache.org/repos/asf/commons-compress.git, revision=95727006cac0892c654951c4e7f1db142462f22a)).
    at org.ossreviewtoolkit.plugins.packageconfigurationproviders.api.SimplePackageConfigurationProviderKt.checkAtMostOneConfigurationPerIdAndProvenance(SimplePackageConfigurationProvider.kt:54)
    at org.ossreviewtoolkit.plugins.packageconfigurationproviders.api.SimplePackageConfigurationProviderKt.access$checkAtMostOneConfigurationPerIdAndProvenance(SimplePackageConfigurationProvider.kt:1)
    at org.ossreviewtoolkit.plugins.packageconfigurationproviders.api.SimplePackageConfigurationProvider.<init>(SimplePackageConfigurationProvider.kt:38)
    at org.ossreviewtoolkit.plugins.commands.reporter.ReporterCommand.run(ReporterCommand.kt:219)
    at com.github.ajalt.clikt.parsers.Parser.finalizeAndRun(Parser.kt:348)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:218)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:245)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:42)
    at com.github.ajalt.clikt.core.CliktCommand.parse(CliktCommand.kt:457)
    at com.github.ajalt.clikt.core.CliktCommand.parse$default(CliktCommand.kt:454)
    at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:474)
    at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:481)
    at org.ossreviewtoolkit.cli.OrtMainKt.main(OrtMain.kt:85)