refactor: Move get dependencies enumerator to models

2025-12-10 13:43:01 -06:00 · 2024-09-28 15:59:02 +05:30 · 2024-09-28 15:59:02 +05:30 · 95c87b4f7b
commit 95c87b4f7b
parent 70511831ce
4 changed files with 52 additions and 33 deletions
--- a/go.mod
+++ b/go.mod
@ -3,8 +3,8 @@ module github.com/safedep/vet
 go 1.22.1

 require (
-	buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1
-	buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2
+	buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240928092914-054512bde05f.1
+	buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240928092914-054512bde05f.2
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/CycloneDX/cyclonedx-go v0.9.0
 	github.com/anchore/syft v1.11.1
--- a/go.sum
+++ b/go.sum
@ -2,8 +2,12 @@ buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-2024050820065
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2/go.mod h1:ylS4c28ACSI59oJrOdW4pHS4n0Hw4TgSPHn8rpHl4Yw=
 buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1 h1:2ELSEnzC34KBVKPsmdzbFSUdZoCa56K/xb6bQ/QKfd4=
 buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1/go.mod h1:N2s2AvQRTd39jzo6zQL1b7aohwR6HF8J6pyXbBzbkak=
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240928092914-054512bde05f.1 h1:D25CwoCuLxqjaHYtlWmRaGXrXWeqPW3+eGWozHKRbFw=
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240928092914-054512bde05f.1/go.mod h1:tkD4uIlOlf/6Zt/zeRoWyfmwuV3sJdGvFolWB41YVPs=
 buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2 h1:UZdrFL+T3SUjJy8rX8N3HD4gb18Wp1gcPmIHKbEG3cA=
 buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2/go.mod h1:s12A8dY1Tq74LKOkUHLOOLXPJOaAhdVDAakFTSlB/cM=
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240928092914-054512bde05f.2 h1:A9H0rP48/ZhngHW/8zJj+l1zRJYakvgEMw2KuwQCBkA=
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240928092914-054512bde05f.2/go.mod h1:s12A8dY1Tq74LKOkUHLOOLXPJOaAhdVDAakFTSlB/cM=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
--- a/pkg/models/models.go
+++ b/pkg/models/models.go
@ -232,6 +232,37 @@ func (p *Package) DependencyPath() []*Package {
 	return dg.PathToRoot(p)
 }

+func (p *Package) GetDependencies() ([]*Package, error) {
+	graph := p.GetDependencyGraph()
+	if graph == nil {
+		return nil, fmt.Errorf("dependency graph not available")
+	}
+
+	dependencies := []*Package{}
+
+	nodes := graph.GetNodes()
+	for _, node := range nodes {
+		if node.Root {
+			continue
+		}
+
+		if node.Data == nil {
+			continue
+		}
+
+		if p.GetName() != node.Data.GetName() &&
+			p.GetVersion() != node.Data.GetVersion() &&
+			p.GetSpecEcosystem() != node.Data.GetSpecEcosystem() {
+			continue
+		}
+
+		dependencies = append(dependencies, node.Children...)
+		break
+	}
+
+	return dependencies, nil
+}
+
 func NewPackageDetail(ecosystem, name, version string) lockfile.PackageDetails {
 	return lockfile.PackageDetails{
 		Ecosystem: lockfile.Ecosystem(ecosystem),
--- a/pkg/reporter/sync.go
+++ b/pkg/reporter/sync.go
@ -87,7 +87,7 @@ func NewSyncReporter(config SyncReporterConfig) (Reporter, error) {
 	}

 	trigger := controltowerv1.ToolTrigger_TOOL_TRIGGER_MANUAL
-	source := controltowerv1.ProjectSource_PROJECT_SOURCE_OTHER
+	source := packagev1.ProjectSourceType_PROJECT_SOURCE_TYPE_UNSPECIFIED

 	logger.Debugf("Report Sync: Creating tool session for project: %s, version: %s",
 		config.ProjectName, config.ProjectVersion)
@ -216,27 +216,12 @@ func (s *syncReporter) syncPackage(pkg *models.Package) error {
 		},
 	}

-	// We should move this to models
-	graph := pkg.GetDependencyGraph()
-	if graph != nil {
-		nodes := graph.GetNodes()
-		for _, node := range nodes {
-			if node.Root {
-				continue
-			}
-
-			thisPkg := node.Data
-			if thisPkg == nil {
-				continue
-			}
-
-			if thisPkg.GetName() != pkg.GetName() &&
-				thisPkg.GetVersion() != pkg.GetVersion() &&
-				thisPkg.GetSpecEcosystem() != pkg.GetSpecEcosystem() {
-				continue
-			}
-
-			for _, child := range node.Children {
+	dependencies, err := pkg.GetDependencies()
+	if err != nil {
+		logger.Warnf("failed to get dependencies for package: %s/%s/%s: %s",
+			pkg.Manifest.Ecosystem, pkg.GetName(), pkg.GetVersion(), err.Error())
+	} else {
+		for _, child := range dependencies {
 			req.PackageVersionInsight.Dependencies = append(req.PackageVersionInsight.Dependencies, &packagev1.PackageVersion{
 				Package: &packagev1.Package{
 					Ecosystem: child.Manifest.GetControlTowerSpecEcosystem(),
@ -247,9 +232,8 @@ func (s *syncReporter) syncPackage(pkg *models.Package) error {
 			})
 		}
 	}
-	}

-	_, err := s.toolServiceClient.PublishPackageInsight(context.Background(), &req)
+	_, err = s.toolServiceClient.PublishPackageInsight(context.Background(), &req)
 	if err != nil {
 		return fmt.Errorf("failed to publish package insight: %w", err)
 	}