Merge pull request #280 from JohT/feature/separate-install-oftypescript-project-dependencies

Install Typescript project dependencies explicitly

Author: JohT

.github/workflows/typescript-code-analysis.yml

@@ -118,11 +118,6 @@ jobs:
         key:
           ${{ runner.os }}-${{ hashFiles('**/*.sh') }}
 
-    - name: Setup pnpm for react-router
-      uses: pnpm/[email protected]
-      with:
-        version: 8.10.5
-
     - name: Download ${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}
       working-directory: temp
       run: |
@@ -131,6 +126,16 @@ jobs:
         echo "Working directory: $( pwd -P )"
         ./../../scripts/downloader/downloadReactRouter.sh ${{ env.REACT_ROUTER_VERSION }}
 
+    - name: Setup pnpm for react-router
+      uses: pnpm/[email protected]
+      with:
+        package_json_file: temp/${{env.PROJECT_NAME}}-${{env.REACT_ROUTER_VERSION}}/source/${{env.PROJECT_NAME}}-${{env.REACT_ROUTER_VERSION}}/package.json
+          
+    - name: Install dependencies with pnpm
+      working-directory: temp/${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}/source/${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}
+      run: |
+        pnpm install --frozen-lockfile --strict-peer-dependencies
+
     - name: Analyze ${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}
       working-directory: temp/${{ env.PROJECT_NAME }}-${{ env.REACT_ROUTER_VERSION }}
       # Shell type can be skipped if jupyter notebook reports (and therefore conda) aren't needed

scripts/downloader/downloadAntDesign.sh

@@ -2,7 +2,6 @@
 
 # Downloads the Typescript project ant-design (https://github.com/ant-design/ant-design) from GitHub using git clone.
 # The source files are written into the "source" directory of the current analysis directory.
-# After scanning it with jQAssistant Typescript Plugin the resulting JSON will be moved into the "artifacts" directory.
 
 # Note: This script is meant to be started within the temporary analysis directory (e.g. "temp/AnalysisName/")
 

scripts/downloader/downloadReactRouter.sh

@@ -2,7 +2,6 @@
 
 # Downloads react-router (https://github.com/remix-run/react-router) from GitHub using git clone.
 # The source files are written into the "source" directory of the current analysis directory.
-# After scanning it with jQAssistant Typescript Plugin the resulting JSON will be moved into the "artifacts" directory.
 
 # Note: This script is meant to be started within the temporary analysis directory (e.g. "temp/AnalysisName/")
 # Note: react-router uses pnpm as package manager which needs to be installed first
@@ -30,5 +29,4 @@ echo "downloadReactRouter: DOWNLOADER_SCRIPTS_DIR=${DOWNLOADER_SCRIPTS_DIR}"
 source "${DOWNLOADER_SCRIPTS_DIR}/downloadTypescriptProject.sh" \
   --url https://github.com/remix-run/react-router.git \
   --version "${projectVersion}" \
-  --tag "react-router@${projectVersion}" \
-  --packageManager pnpm
+  --tag "react-router@${projectVersion}"

scripts/downloader/downloadTypescriptProject.sh

@@ -1,16 +1,13 @@
 #!/usr/bin/env bash
 
 # Downloads the given version of a Typescript project from a git repository using git clone.
-# The cloned project is then moved into the "source" directory of the current analysis directory 
-# where its dependencies are installed by the given package manager.
-# After scanning it with jQAssistant's Typescript Plugin, the resulting JSON will be moved into the "artifacts/typescript" directory.
+# The cloned project is then moved into the "source" directory of the current analysis directory.
 
 # Command line options:
 # --url             Git clone URL (optional, default = skip clone)
 # --version         Version of the project
 # --tag             Tag to switch to after "git clone" (optional, default = version)
 # --project         Name of the project/repository (optional, default = clone url file name without .git extension)
-# --packageManager  One of "npm", "pnpm" or "yarn". (optional, default = "npm")
 
 # Note: This script is meant to be started within the temporary analysis directory (e.g. "temp/AnalysisName/")
 
@@ -29,7 +26,6 @@ usage() {
   echo "          [ --tag <git-tag-for-that-version> (default=version) \\]"
   echo "          [ --url <git-clone-url> (default=skip clone)] \\"
   echo "          [ --project <name-of-the-project> (default=url file name) \\]"
-  echo "          [ --packageManager <npm/pnpm/yarn> (default=npm) ]"
   echo "Example: $0 \\"
   echo "           --url https://github.com/ant-design/ant-design.git \\"
   echo "           --version 5.19.3"
@@ -41,7 +37,6 @@ cloneUrl=""
 projectName=""
 projectVersion=""
 projectTag=""
-packageManager="npm"
 
 # Parse command line options
 while [[ $# -gt 0 ]]; do
@@ -65,10 +60,6 @@ while [[ $# -gt 0 ]]; do
       projectTag="${value}"
       shift
       ;;
-    --packageManager)
-      packageManager="${value}"
-      shift
-      ;;
     *)
       echo "downloadTypescriptProject Error: Unknown option: ${key}"
       usage
@@ -108,49 +99,10 @@ if [ -z "${projectTag}" ]; then
   projectTag="${projectVersion}"
 fi
 
-case "${packageManager}" in
-  npm|pnpm|yarn) 
-    echo "downloadTypescriptProject Using package manager ${packageManager}" 
-    ;;
-  *)
-    echo "downloadTypescriptProject Error: Unknown package manager: ${packageManager}"
-    usage
-    ;;
-esac
-
-if ! command -v "${packageManager}" &> /dev/null ; then
-    echo "downloadTypescriptProject Error: Package manager ${packageManager} could not be found"
-    exit 1
-fi
-
-if ! command -v "npx" &> /dev/null ; then
-    echo "downloadTypescriptProject Error: Command npx not found. It's needed to execute npm packages."
-    exit 1
-fi
-
 echo "downloadTypescriptProject: cloneUrl:       ${cloneUrl}"
 echo "downloadTypescriptProject: projectName:    ${projectName}"
 echo "downloadTypescriptProject: projectVersion: ${projectVersion}"
 echo "downloadTypescriptProject: projectTag:     ${projectTag}"
-echo "downloadTypescriptProject: packageManager: ${packageManager}"
-
-usePackageManagerToInstallDependencies() {
-  echo "downloadTypescriptProject: Installing dependencies using ${packageManager}..."
-  case "${packageManager}" in
-    npm)
-      # npm ci is not sufficient for projects like "ant-design" that rely on generating the package-lock
-      # Even if this is not standard, this is an acceptable solution since it is only used to prepare scanning.
-      # The same applies to "--force" which shouldn't be done normally.
-      npm install --ignore-scripts --force --verbose || exit
-      ;;
-    pnpm)
-      pnpm install --frozen-lockfile || exit
-      ;;
-    yarn)
-      yarn install --frozen-lockfile --ignore-scripts --non-interactive --verbose || exit
-      ;;
-  esac
-}
 
 # Create runtime logs directory if it hasn't existed yet
 mkdir -p ./runtime/logs
@@ -172,9 +124,4 @@ if [ ! -d "${fullSourceDirectory}" ]; then # source doesn't exist
 else
   # Source already exists. Cloning not necessary.
   echo "downloadTypescriptProject: Source already exists. Skip cloning ${cloneUrl}"
-fi
-
-(
-  cd "${fullSourceDirectory}" || exit
-  usePackageManagerToInstallDependencies
-)
+fi

scripts/examples/analyzeAntDesign.sh

@@ -11,6 +11,10 @@
 # Fail on any error ("-e" = exit on first error, "-o pipefail" exist on errors within piped commands)
 set -o errexit -o pipefail
 
+# Overrideable Defaults
+SOURCE_DIRECTORY=${SOURCE_DIRECTORY:-"source"}
+echo "analyzerAntDesign: SOURCE_DIRECTORY=${SOURCE_DIRECTORY}"
+
 ## Get this "scripts" directory if not already set
 # Even if $BASH_SOURCE is made for Bourne-like shells it is also supported by others and therefore here the preferred solution. 
 # CDPATH reduces the scope of the cd command to potentially prevent unintended directory changes.
@@ -53,8 +57,16 @@ cd "./ant-design-${projectVersion}"
 # Create the artifacts directory that will contain the code to be analyzed.
 mkdir -p ./artifacts
 
-# Download AxonFramework artifacts (jar files) from Maven
+# Download ant-design source code
 ./../../scripts/downloader/downloadAntDesign.sh "${projectVersion}"
 
+(
+  cd "./${SOURCE_DIRECTORY}//ant-design-${projectVersion}" || exit
+  # npm ci is not sufficient for projects like "ant-design" that rely on generating the package-lock
+  # Even if this is not standard, this is an acceptable solution since it is only used to prepare scanning.
+  # The same applies to "--force" which shouldn't be done normally.
+  npm install --ignore-scripts --force --verbose || exit
+)
+
 # Start the analysis
 ./../../scripts/analysis/analyze.sh "${@}"

scripts/examples/analyzeReactRouter.sh

@@ -11,6 +11,10 @@
 # Fail on any error ("-e" = exit on first error, "-o pipefail" exist on errors within piped commands)
 set -o errexit -o pipefail
 
+# Overrideable Defaults
+SOURCE_DIRECTORY=${SOURCE_DIRECTORY:-"source"}
+echo "analyzerReactRouter: SOURCE_DIRECTORY=${SOURCE_DIRECTORY}"
+
 ## Get this "scripts" directory if not already set
 # Even if $BASH_SOURCE is made for Bourne-like shells it is also supported by others and therefore here the preferred solution. 
 # CDPATH reduces the scope of the cd command to potentially prevent unintended directory changes.
@@ -53,8 +57,13 @@ cd "./react-router-${projectVersion}"
 # Create the artifacts directory that will contain the code to be analyzed.
 mkdir -p ./artifacts
 
-# Download AxonFramework artifacts (jar files) from Maven
+# Download react-router source code
 ./../../scripts/downloader/downloadReactRouter.sh "${projectVersion}"
 
+(
+  cd "${SOURCE_DIRECTORY}/react-router-${projectVersion}" || exit
+  pnpm install --frozen-lockfile --strict-peer-dependencies || exit
+)
+
 # Start the analysis
 ./../../scripts/analysis/analyze.sh "${@}"