Skip to content

Commit

Permalink
fix(compose): Stash any present "vendor" directory
Browse files Browse the repository at this point in the history 
To not confuse the analyzer with a "dirty" working directory, stash away
any present "vendor" directory [1] when running `composer`, similar as
done for `GoMod`.

[1]: https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
  • Loading branch information
@sschuberth
sschuberth committed Aug 10, 2024
1 parent 2274638 commit 471a65d
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions plugins/package-managers/composer/src/main/kotlin/Composer.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ import org.ossreviewtoolkit.utils.common.CommandLineTool
import org.ossreviewtoolkit.utils.common.Os
import org.ossreviewtoolkit.utils.common.collectMessages
import org.ossreviewtoolkit.utils.common.splitOnWhitespace
import org.ossreviewtoolkit.utils.common.stashDirectories
import org.ossreviewtoolkit.utils.ort.showStackTrace

import org.semver4j.RangesList
Expand Down Expand Up @@ -122,9 +123,11 @@ class Composer(
return listOf(result)
}

val lockfile = ensureLockfile(workingDir).let {
logger.info { "Parsing lockfile at '$it'..." }
parseLockfile(it.readText())
val lockfile = stashDirectories(workingDir.resolve("vendor")).use { _ ->
ensureLockfile(workingDir).let {
logger.info { "Parsing lockfile at '$it'..." }
parseLockfile(it.readText())
}
}

val packages = parseInstalledPackages(lockfile)
Expand Down

0 comments on commit 471a65d

Please sign in to comment.