Move the code of gemnasium-maven into the gemnasium project
Why are we doing this work
To make all 3 gemnasium analyzers share the same codebase, as part of the bigger plan to merge them into a unique project.
Relevant links
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
- ensure that project detection remains the same after removing
common/v2/search
andcommon/v2/command
from the dependencies; This is covered by #324626 (closed).- change
Builder
interface so that builders can return multiple parseable files - change gemnasium-maven builders so that they return parseable files created by Maven/Gradle/Sbt plugin
- change the
finder
preset specific to gemnasium-maven so that it only scans 1 project (parent and children) - simplify
finder
and removeSearchSingleTree
search mode; it's no longer needed
- change
-
move builders to gemnasium project - change the
Builder
interface - adjust gemnasium-python builders
- change the
-
make gemnasium
a git submodule, and align codebase withgemnasium
- replace
analyze.go
withmain.go
, removesearch
andcommand
from the dependencies - adjust
main.go
, import parsers and builders needed for this project, and modifyrun
command if needed - remove
builder
directory - update CI config and set
GIT_SUBMODULE_STRATEGY
to fetch git submodule when building or testing Go code - update Dockerfile and copy
vrange
directories used by gemnasium-python, instead of fetching over HTTP - update project README and explain how to use the git submodule (development workflow)
- replace
Testing
Out of normal QA, we might need extra testing to ensure that:
- it only scans one project (with children)
- it scans up to depth 2
- depth 3 is skipped
Edited by Fabien Catteau