feat(package-manager): Add initial support for the Swift Package Manager

This is based on oss-review-toolkit#5092 (and oss-review-toolkit#6114). Resolves oss-review-toolkit#723. Signed-off-by: UgniusV <[email protected]> Signed-off-by: Sebastian Schuberth <[email protected]>
boschglobal · Jul 12, 2023 · 27eff71 · 27eff71
1 parent e043a04
commit 27eff71
Show file tree

Hide file tree

Showing 26 changed files with 1,503 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -338,6 +338,22 @@ RUN curl -L https://github.com/sbt/sbt/releases/download/v$SBT_VERSION/sbt-$SBT_
 FROM scratch AS sbt
 COPY --from=sbtbuild /opt/sbt /opt/sbt
 
+#------------------------------------------------------------------------
+# SPM
+FROM ort-base-image AS spmbuild
+
+ARG SWIFT_VERSION=5.8.1
+
+ENV SWIFT_HOME=/opt/swift
+ENV PATH=$PATH:$SWIFT_HOME/bin
+
+RUN mkdir $SWIFT_HOME \
+    && curl -L https://download.swift.org/swift-$SWIFT_VERSION-release/ubuntu2204/swift-$SWIFT_VERSION-RELEASE/swift-$SWIFT_VERSION-RELEASE-ubuntu22.04.tar.gz \
+    | tar -xz -C $SWIFT_HOME --strip-components=2
+
+FROM scratch AS spm
+COPY --from=spmbuild /opt/swift /opt/swift
+
 #------------------------------------------------------------------------
 # ORT
 FROM ort-base-image as ortbuild
@@ -445,6 +461,11 @@ ENV SBT_HOME=/opt/sbt
 ENV PATH=$PATH:$SBT_HOME/bin
 COPY --from=sbt --chown=$USER:$USER $SBT_HOME $SBT_HOME
 
+# SPM
+ENV SWIFT_HOME=/opt/swift
+ENV PATH=$PATH:$SWIFT_HOME/bin
+COPY --from=spm --chown=$USER:$USER $SWIFT_HOME $SWIFT_HOME
+
 # PHP composer
 ARG COMPOSER_VERSION=2.2
 

diff --git a/Dockerfile-legacy b/Dockerfile-legacy
@@ -80,16 +80,18 @@ ENV \
     PYTHON_PIPENV_VERSION=2022.9.24 \
     PYTHON_POETRY_VERSION=1.2.2 \
     SBT_VERSION=1.6.1 \
+    SWIFT_VERSION=5.8.1 \
     YARN_VERSION=1.22.17 \
     # SDK versions.
     ANDROID_SDK_VERSION=9477386 \
     # Installation directories.
     ANDROID_HOME=/opt/android-sdk \
     GOBIN=/opt/go/bin \
-    GOPATH=/tmp/go
+    GOPATH=/tmp/go \
+    SWIFT_HOME=/opt/swift
 
 ENV DEBIAN_FRONTEND=noninteractive \
-    PATH="$PATH:$GOPATH/bin:$GOBIN:/opt/ort/bin"
+    PATH="$PATH:$GOPATH/bin:$GOBIN:$SWIFT_HOME/bin:/opt/ort/bin"
 
 # Apt install commands.
 RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
@@ -160,6 +162,9 @@ RUN /opt/ort/bin/export_proxy_certificates.sh /tmp/certificates/ && \
     curl -ksS https://dl.google.com/go/go$GO_VERSION.linux-amd64.tar.gz | tar -C /opt -xz && \
     curl -ksS https://raw.githubusercontent.com/golang/dep/v$GO_DEP_VERSION/install.sh | sh && \
     curl -ksS https://raw.githubusercontent.com/commercialhaskell/stack/v$HASKELL_STACK_VERSION/etc/scripts/get-stack.sh | sh && \
+    mkdir -p $SWIFT_HOME && \
+    curl -L https://download.swift.org/swift-$SWIFT_VERSION-release/ubuntu2204/swift-$SWIFT_VERSION-RELEASE/swift-$SWIFT_VERSION-RELEASE-ubuntu22.04.tar.gz \
+        | tar -xz -C $SWIFT_HOME --strip-components=2 && \
     # Install SDKs required for analysis.
     curl -Os https://dl.google.com/android/repository/commandlinetools-linux-${ANDROID_SDK_VERSION}_latest.zip && \
     unzip -q commandlinetools-linux-${ANDROID_SDK_VERSION}_latest.zip -d $ANDROID_HOME && \

diff --git a/README.md b/README.md
@@ -398,6 +398,7 @@ supported:
     [no `cartfile.private`](https://github.com/oss-review-toolkit/ort/issues/3774))
   * [CocoaPods](https://github.com/CocoaPods/CocoaPods) (limitations:
     [no custom source repositories](https://github.com/oss-review-toolkit/ort/issues/4188))
+  * [Swift Package Manager](https://www.swift.org/package-manager)
 * PHP
   * [Composer](https://getcomposer.org/)
 * Python

diff --git a/cli/src/funTest/kotlin/PackageManagerFunTest.kt b/cli/src/funTest/kotlin/PackageManagerFunTest.kt
@@ -70,6 +70,8 @@ class PackageManagerFunTest : WordSpec({
         "sbt/build.sbt",
         "spdx-package/package.spdx.yml",
         "spdx-project/project.spdx.yml",
+        "spm-app/Package.resolved",
+        "spm-lib/Package.swift",
         "stack/stack.yaml"
     )
 
@@ -131,6 +133,10 @@ class PackageManagerFunTest : WordSpec({
                     "spdx-package/package.spdx.yml",
                     "spdx-project/project.spdx.yml"
                 )
+                managedFilesByName["SPM"] should containExactlyInAnyOrder(
+                    "spm-app/Package.resolved",
+                    "spm-lib/Package.swift"
+                )
                 managedFilesByName["Stack"] should containExactly("stack/stack.yaml")
                 managedFilesByName["Yarn"] should containExactly("npm-pnpm-and-yarn/package.json")
             }

diff --git a/plugins/package-managers/spm/build.gradle.kts b/plugins/package-managers/spm/build.gradle.kts
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2023 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+    // Apply precompiled plugins.
+    id("ort-library-conventions")
+}
+
+dependencies {
+    api(project(":analyzer"))
+    api(project(":model"))
+    api(project(":utils:common-utils")) {
+        because("This is a CommandLineTool.")
+    }
+
+    api(libs.semver4j) {
+        because("This is a CommandLineTool.")
+    }
+
+    implementation(project(":downloader"))
+    implementation(project(":utils:ort-utils"))
+    implementation(project(":utils:spdx-utils"))
+
+    implementation(libs.jacksonDatabind)
+    implementation(libs.jacksonModuleKotlin)
+
+    funTestImplementation(testFixtures(project(":analyzer")))
+}
diff --git a/plugins/package-managers/spm/src/funTest/assets/projects/synthetic/spm-app/.gitignore b/plugins/package-managers/spm/src/funTest/assets/projects/synthetic/spm-app/.gitignore
@@ -0,0 +1 @@
+/.build
diff --git a/plugins/package-managers/spm/src/funTest/assets/projects/synthetic/spm-app/Package.resolved b/plugins/package-managers/spm/src/funTest/assets/projects/synthetic/spm-app/Package.resolved
@@ -0,0 +1,48 @@
+{
+  "object": {
+    "pins": [
+      {
+        "package": "grpc-swift",
+        "repositoryURL": "https://github.com/grpc/grpc-swift.git",
+        "state": {
+          "branch": null,
+          "revision": "efb67a324eaf1696b50e66bc471a53690e41fbf6",
+          "version": null
+        }
+      },
+      {
+        "package": "swift-argument-parser",
+        "repositoryURL": "https://github.com/apple/swift-argument-parser.git",
+        "state": {
+          "branch": null,
+          "revision": "eb51f949cdd0c9d88abba9ce79d37eb7ea1231d0",
+          "version": "0.2.0"
+        }
+      },
+      {
+        "package": "swift-crypto",
+        "repositoryURL": "https://github.com/apple/swift-crypto.git",
+        "state": null
+      },
+      {
+        "package": "llbuild",
+        "repositoryURL": "https://github.com/apple/swift-llbuild.git",
+        "state": {
+          "branch": "master",
+          "revision": null,
+          "version": "9.0.8"
+        }
+      },
+      {
+        "package": "Appboy_iOS_SDK",
+        "repositoryURL": "https://github.com/braze-inc/braze-ios-sdk",
+        "state": {
+          "branch": "master",
+          "revision": "",
+          "version": null
+        }
+      }
+    ]
+  },
+  "version": 1
+}
diff --git a/...ns/package-managers/spm/src/funTest/assets/projects/synthetic/spm-expected-output-app.yml b/...ns/package-managers/spm/src/funTest/assets/projects/synthetic/spm-expected-output-app.yml
@@ -0,0 +1,158 @@
+---
+project:
+  id: "SPM:oss-review-toolkit:ort:<REPLACE_REVISION>"
+  definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "<REPLACE_URL_PROCESSED>"
+    revision: "<REPLACE_REVISION>"
+    path: "<REPLACE_PATH>"
+  homepage_url: "<REPLACE_URL_PROCESSED>"
+packages:
+- id: "SPM:apple:swift-argument-parser:0.2.0"
+  purl: "pkg:spm/apple/[email protected]"
+  authors:
+  - "apple"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  description: ""
+  homepage_url: "https://github.com/apple/swift-argument-parser"
+  binary_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  source_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  vcs:
+    type: "Git"
+    url: "https://github.com/apple/swift-argument-parser.git"
+    revision: "eb51f949cdd0c9d88abba9ce79d37eb7ea1231d0"
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/apple/swift-argument-parser.git"
+    revision: "eb51f949cdd0c9d88abba9ce79d37eb7ea1231d0"
+    path: ""
+- id: "SPM:apple:swift-crypto:"
+  purl: "pkg:spm/apple/swift-crypto@"
+  authors:
+  - "apple"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  description: ""
+  homepage_url: "https://github.com/apple/swift-crypto"
+  binary_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  source_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  vcs:
+    type: "Git"
+    url: "https://github.com/apple/swift-crypto.git"
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/apple/swift-crypto.git"
+    revision: ""
+    path: ""
+- id: "SPM:apple:swift-llbuild:9.0.8"
+  purl: "pkg:spm/apple/[email protected]"
+  authors:
+  - "apple"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  description: ""
+  homepage_url: "https://github.com/apple/swift-llbuild"
+  binary_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  source_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  vcs:
+    type: "Git"
+    url: "https://github.com/apple/swift-llbuild.git"
+    revision: "9.0.8"
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/apple/swift-llbuild.git"
+    revision: "9.0.8"
+    path: ""
+- id: "SPM:braze-inc:braze-ios-sdk:branch-master"
+  purl: "pkg:spm/braze-inc/braze-ios-sdk@branch-master"
+  authors:
+  - "braze-inc"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  description: ""
+  homepage_url: "https://github.com/braze-inc/braze-ios-sdk"
+  binary_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  source_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  vcs:
+    type: "Git"
+    url: "https://github.com/braze-inc/braze-ios-sdk.git"
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/braze-inc/braze-ios-sdk.git"
+    revision: ""
+    path: ""
+- id: "SPM:grpc:grpc-swift:revision-efb67a324eaf1696b50e66bc471a53690e41fbf6"
+  purl: "pkg:spm/grpc/grpc-swift@revision-efb67a324eaf1696b50e66bc471a53690e41fbf6"
+  authors:
+  - "grpc"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  description: ""
+  homepage_url: "https://github.com/grpc/grpc-swift"
+  binary_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  source_artifact:
+    url: ""
+    hash:
+      value: ""
+      algorithm: ""
+  vcs:
+    type: "Git"
+    url: "https://github.com/grpc/grpc-swift.git"
+    revision: "efb67a324eaf1696b50e66bc471a53690e41fbf6"
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "https://github.com/grpc/grpc-swift.git"
+    revision: "efb67a324eaf1696b50e66bc471a53690e41fbf6"
+    path: ""
diff --git a/...anagers/spm/src/funTest/assets/projects/synthetic/spm-expected-output-lib-no-lockfile.yml b/...anagers/spm/src/funTest/assets/projects/synthetic/spm-expected-output-lib-no-lockfile.yml
@@ -0,0 +1,27 @@
+---
+project:
+  id: "SPM::src/funTest/assets/projects/synthetic/spm-lib/Package.swift:"
+  definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
+  declared_licenses: []
+  declared_licenses_processed: {}
+  vcs:
+    type: ""
+    url: ""
+    revision: ""
+    path: ""
+  vcs_processed:
+    type: "Git"
+    url: "<REPLACE_URL_PROCESSED>"
+    revision: "<REPLACE_REVISION>"
+    path: "<REPLACE_PATH>"
+  homepage_url: ""
+  scopes: []
+packages: []
+issues:
+- timestamp: "1970-01-01T00:00:00Z"
+  source: "SPM"
+  message: "SPM failed to resolve dependencies for path 'src/funTest/assets/projects/synthetic/spm-lib/Package.swift':\
+    \ IllegalArgumentException: No lockfile found in 'src/funTest/assets/projects/synthetic/spm-lib'.\
+    \ This potentially results in unstable versions of dependencies. To support this,\
+    \ enable the 'allowDynamicVersions' option in 'config.yml'."
+  severity: "ERROR"