search

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0
1.57k stars 308 forks source link

'ScanCode' must satisfy the configured criteria for looking up scan storage entries #7829

Closed woznik closed 7 months ago

woznik commented 10 months ago

Hello I have just put in place the ORT Image 6.1.0 from the recent release and I am facing a storage error for ScanCode like the one below. I tried to find a similar case in the issues but I didn't succeed

Looking for ORT configuration in the following file:
        /builds/opensource/oss-compliance-sample-projects/maven-01/.ort.conf.yml
Scanning projects with:
11:51:06.530 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'scancode --version' in '/builds/opensource/oss-compliance-sample-projects/maven-01'...
        ScanCode (version 32.0.6)
Scanning packages with:
11:51:07.577 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'scancode --version' in '/builds/opensource/oss-compliance-sample-projects/maven-01'...
        ScanCode (version 32.0.6)
11:51:08.413 [main] INFO  org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand - Using the following scan storages for reading results: [ProvenanceBasedFileStorage]
11:51:08.413 [main] INFO  org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand - Using the following scan storages for writing results: [ProvenanceBasedFileStorage]
Exception in thread "main" java.lang.IllegalArgumentException: The scanner details of scanner 'ScanCode' must satisfy the configured criteria for looking up scan storage entries.
    at org.ossreviewtoolkit.scanner.Scanner.<init>(Scanner.kt:95)
    at org.ossreviewtoolkit.scanner.Scanner.<init>(Scanner.kt:76)
    at org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand.runScanners(ScannerCommand.kt:219)
    at org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand.run(ScannerCommand.kt:153)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:306)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:319)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:40)
    at com.github.ajalt.clikt.core.CliktCommand.parse(CliktCommand.kt:458)
    at com.github.ajalt.clikt.core.CliktCommand.parse$default(CliktCommand.kt:455)
    at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:475)
    at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:482)
    at org.ossreviewtoolkit.cli.OrtMainKt.main(OrtMain.kt:72)

The configuration that I use is:

config:
      # A map from scanner plugin types to the plugin configuration.
      ScanCode:
        options:
          # Command line options that affect the ScanCode output. If changed, stored scan results that were created with
          # different options are not reused.
          commandLine: '--copyright --license --info --strip-root --timeout 300'

          # Command line options that do not affect the ScanCode output.
          commandLineNonConfig: '--processes 4'

          # Criteria for matching stored scan results. These can be configured for any scanner that uses semantic
          # versioning. Note that the 'maxVersion' is exclusive and not part of the range of accepted versions.
          minVersion: '3.2.1-rc2'
          maxVersion: '32.0.0'
    storages:
      http:
        backend:
          httpFileStorage:
            url: "XXXXXXXXX/artifactory/oss-review-toolkit-virt-generic-stable/ort"
            headers:
              X-JFrog-Art-Api: "XXXXXXXX"
    # Storage readers are listed from highest to lower priority, i.e. the first match wins.
    storageReaders: [http]
    # For storage writers no priority is implied by the order; scan results are stored for all writers.
    storageWriters: [http]

Is there something more that should be configured ?

Thank you in advanced

woznik commented 10 months ago

Once I changed the value maxVersion: '32.0.0' to maxVersion: '32.0.8' the issue does not appear anymore

sschuberth commented 10 months ago

Once I changed the value maxVersion: '32.0.0' to maxVersion: '32.0.8' the issue does not appear anymore

That's probably because the maxVersion is exclusive, and if you're using ScanCode version 32.0.0 you'd basically not be able to read back your own results if you configure maxVersion: '32.0.0'.

BTW, the idea behind maxVersion being exclusive is that this way you can easily accept version up to a new major / minor version, like with maxVersion: '32.1.0' you would accept all patch-level updates of version 32.

sschuberth commented 10 months ago

@woznik, does this clarify things so that the issue can be closed?

woznik commented 10 months ago

Hello As I resolved the issue with the change a bove and noone wants to add any new comment on this I am closing the issue

woznik commented 7 months ago

Hello I need to reopen the isse as it came back after using the most recent ort public image When I use the following release: ghcr.io/oss-review-toolkit/ort-minimal:snapshot or ghcr.io/oss-review-toolkit/ort:snapshot With a config setup as in the snippet above I am facing a following error:

Scanning projects with:
10:17:11.546 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'scancode --version' in '/builds/opensource/tooling/ort-******/maven-01'...
        ScanCode (version 32.0.8)
Scanning packages with:
10:17:13.058 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'scancode --version' in '/builds/opensource/tooling/ort-******/maven-01'...
        ScanCode (version 32.0.8)
10:17:14.873 [main] INFO  org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand - Using the following scan storages for reading results: [ProvenanceBasedFileStorage]
10:17:14.874 [main] INFO  org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand - Using the following scan storages for writing results: [ProvenanceBasedFileStorage]
Exception in thread "main" java.lang.IllegalArgumentException: The scanner details of scanner 'ScanCode' must satisfy the configured criteria for looking up scan storage entries.
    at org.ossreviewtoolkit.scanner.Scanner.<init>(Scanner.kt:95)
    at org.ossreviewtoolkit.scanner.Scanner.<init>(Scanner.kt:76)
    at org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand.runScanners(ScannerCommand.kt:207)
    at org.ossreviewtoolkit.plugins.commands.scanner.ScannerCommand.run(ScannerCommand.kt:141)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:279)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:292)
    at com.github.ajalt.clikt.parsers.Parser.parse(Parser.kt:41)
    at com.github.ajalt.clikt.core.CliktCommand.parse(CliktCommand.kt:457)
    at com.github.ajalt.clikt.core.CliktCommand.parse$default(CliktCommand.kt:454)
    at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:474)
    at com.github.ajalt.clikt.core.CliktCommand.main(CliktCommand.kt:481)
    at org.ossreviewtoolkit.cli.OrtMainKt.main(OrtMain.kt:85)

Do you have any solution that may resolve the error? Thanks in advance

sschuberth commented 7 months ago

With a config setup as in the snippet above I am facing a following error:

So you're still using maxVersion: '32.0.8'?

Do you have any solution that may resolve the error?

As written above, if you use ScanCode 32.0.8, you should configure e.g. maxVersion: '32.1.0', i.e. the next minor level version.

woznik commented 7 months ago

Hello @sschuberth Sadly I have the same results with 32.1.0. ORT uses anyway 32.0.8

# versioning. Note that the 'maxVersion' is exclusive and not part of the range of accepted versions.
          minVersion: '3.2.1-rc2'
          maxVersion: '32.1.0'
Looking for ORT configuration in the following file:
        /tmp/.ort/config/.ort.conf.yml
Projects will not be scanned.
Scanning packages with:
14:16:37.278 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'scancode --version' in '/builds/opensource/oss-compliance-sample-projects/maven-01'...
        ScanCode (version 32.0.8)

Additionally in the comment above to the ort config file is # versioning. Note that the 'maxVersion' is exclusive and not part of the range of accepted versions.

The issue does not occur for the image:

ghcr.io/oss-review-toolkit/ort:20231114

sschuberth commented 7 months ago

Sadly I have the same results with 32.1.0. ORT uses anyway 32.0.8

Yes, that's the intention. ORT will still scan with ScanCode 32.0.8 that's installed in the Docker image. But it will now accept stored scan results from versions < 32.1.0, which includes version 32.0.8 that you are using.

Previously, your configuration basically did forbid ORT to reuse the scan results that you created.

woznik commented 7 months ago

I can confirm that the setup:

minVersion: '3.2.1-rc2'
maxVersion: '32.1.0'

Works well with the

ghcr.io/oss-review-toolkit/ort-minimal:snapshot coresponding to ghcr.io/oss-review-toolkit/ort-minimal:15.3.0-SNAPSHOT

closing the issue