Merge branch 'master' into jg/ane-1827

.github/workflows/integrations-test.yml

@@ -11,8 +11,7 @@ on:
 jobs:
   integration-test:
     name: integration-test
-    runs-on:
-      group: "FOSSA CLI Runner"
+    runs-on: "fossa-cli-integration-runner"
     # Be sure to update the env below too
     container: fossa/haskell-static-alpine:ghc-9.4.8
 

cabal.project.common

@@ -57,4 +57,4 @@ source-repository-package
   location: https://github.com/fossas/codec-rpm
   tag: 0f7431423d47fdf36945e4ff31fbee76005b7e68
 
-index-state: hackage.haskell.org 2024-04-12T15:16:26Z
+index-state: hackage.haskell.org 2024-08-14T18:49:08Z

spectrometer.cabal

@@ -101,7 +101,9 @@ common deps
     , conduit-zstd                 ^>=0.0.2.0
     , containers                   ^>=0.6.8
     , cpio-conduit                 ^>=0.7.0
-    , crypton                      ^>=0.34
+    , crypton                      ^>=1.0.0
+    , crypton-connection           ^>=0.4.1
+    , data-default-class           ^>=0.1.2.0
     , deepseq                      ^>=1.4.8
     , direct-sqlite                ^>=2.3.27
     , directory                    ^>=1.3.6.1
@@ -117,6 +119,7 @@ common deps
     , hashable                     >=1.0.0.1
     , hedn                         ^>=0.3.0.1
     , http-client                  ^>=0.7.1
+    , http-client-tls              ^>=0.3.6
     , http-conduit                 ^>=2.3.0
     , http-types                   ^>=0.12.3
     , lzma                         ^>=0.0.1.0
@@ -148,7 +151,7 @@ common deps
     , text                         ^>=2.0.0
     , th-lift-instances            ^>=0.1.17
     , time                         >=1.9       && <1.13
-    , tls                          >=1.9       && <2.0
+    , tls                          ^>=2.0
     , toml-parser                  ^>=2.0.0.0
     , transformers
     , typed-process                ^>=0.2.6

src/Control/Carrier/FossaApiClient.hs

@@ -11,11 +11,30 @@ import Control.Carrier.Simple (SimpleC, interpret)
 import Control.Effect.Debug (Debug)
 import Control.Effect.Diagnostics (Diagnostics)
 import Control.Effect.FossaApiClient (FossaApiClientF (..))
-import Control.Effect.Lift (Lift)
+import Control.Effect.Lift (Lift, sendIO)
+import Data.Default.Class (def)
 import Fossa.API.Types (ApiOpts)
+import Network.Connection (TLSSettings (TLSSettingsSimple, settingClientSupported))
+import Network.HTTP.Client (Manager, ManagerSettings, newManager)
+import Network.HTTP.Client.TLS (mkManagerSettings)
+import Network.TLS (EMSMode (AllowEMS), Supported (supportedExtendedMainSecret))
+
+-- TODO: Remove the ReaderC Manager layer.
+-- This was created so that we can use AllowEMS for a few older servers that still require it.
+-- As of 2024-10-24 we are free to revert this change, but it must stay until then.
+-- After fixing the related errors, you should also be able to remove these deps from spectrometer.cabal:
+--  1. crypton-connection
+--  2. http-client-tls
+--  3. data-default-class
 
 -- | A carrier to run FOSSA API functions in the IO monad
-type FossaApiClientC m = SimpleC FossaApiClientF (ReaderC ApiOpts m)
+type FossaApiClientC m = SimpleC FossaApiClientF (ReaderC Manager (ReaderC ApiOpts m))
+
+emsTLSSettings :: TLSSettings
+emsTLSSettings =
+  case def of
+    simple@TLSSettingsSimple{} -> simple{settingClientSupported = def{supportedExtendedMainSecret = AllowEMS}}
+    otherSettings -> otherSettings
 
 -- | Runs FossaAPI effects as IO operations
 runFossaApiClient ::
@@ -26,65 +45,74 @@ runFossaApiClient ::
   ApiOpts ->
   FossaApiClientC m a ->
   m a
-runFossaApiClient apiOpts =
+runFossaApiClient apiOpts action = do
+  mgr <- sendIO $ newManager allowEMSManager
   runReader apiOpts
-    . interpret
-      ( \case
-          AddFilesToVsiScan scanId files -> VSI.addFilesToVsiScan scanId files
-          AssertRevisionBinaries locator fingerprints -> VSI.assertRevisionBinaries locator fingerprints
-          AssertUserDefinedBinaries meta fingerprints -> VSI.assertUserDefinedBinaries meta fingerprints
-          CompleteVsiScan scanId -> VSI.completeVsiScan scanId
-          CreateVsiScan rev -> VSI.createVsiScan rev
-          FinalizeLicenseScan components -> LicenseScanning.finalizeLicenseScan components
-          FinalizeLicenseScanForPathDependency locators forceRebuild -> LicenseScanning.finalizePathDependencyScan locators forceRebuild
-          GetApiOpts -> pure apiOpts
-          GetAttribution rev format -> Core.getAttribution rev format
-          GetIssues rev diffRev locatorType -> Core.getIssues rev diffRev locatorType
-          GetEndpointVersion -> Core.getEndpointVersion
-          GetLatestBuild rev locatorType -> Core.getLatestBuild rev locatorType
-          GetRevisionDependencyCacheStatus rev -> Core.getRevisionDependencyCacheStatus rev
-          GetOrganization -> Core.getOrganization
-          GetPolicies -> Core.getPolicies
-          GetProject rev locatorType -> Core.getProject rev locatorType
-          GetTeams -> Core.getTeams
-          AddTeamProjects teamId req -> Core.addTeamProjects teamId req
-          GetAnalyzedRevisions vdeps -> Core.getAnalyzedRevisions vdeps
-          GetSignedFirstPartyScanUrl rev -> LicenseScanning.getSignedFirstPartyScanUrl rev
-          GetSignedLicenseScanUrl rev -> LicenseScanning.getSignedLicenseScanUrl rev
-          GetSignedUploadUrl fileType rev -> Core.getSignedUploadUrl fileType rev
-          GetPathDependencyScanUrl rev projectRevision uploadKind -> LicenseScanning.uploadPathDependencyScanResult rev projectRevision uploadKind
-          GetVsiInferences scanId -> VSI.getVsiInferences scanId
-          GetVsiScanAnalysisStatus scanId -> VSI.getVsiScanAnalysisStatus scanId
-          QueueArchiveBuild archives rebuild -> Core.queueArchiveBuild archives rebuild
-          QueueSBOMBuild archive team rebuild -> Core.queueSBOMBuild archive team rebuild
-          ResolveProjectDependencies locator -> VSI.resolveProjectDependencies locator
-          ResolveUserDefinedBinary deps -> VSI.resolveUserDefinedBinary deps
-          UploadAnalysis rev metadata units -> Core.uploadAnalysis rev metadata units
-          UploadAnalysisWithFirstPartyLicenses rev metadata uploadKind -> Core.uploadAnalysisWithFirstPartyLicenses rev metadata uploadKind
-          UploadArchive url path -> Core.uploadArchive url path
-          UploadNativeContainerScan revision metadata scan -> Core.uploadNativeContainerScan revision metadata scan
-          UploadContributors locator contributors -> Core.uploadContributors locator contributors
-          UploadLicenseScanResult signedUrl licenseSourceUnit -> LicenseScanning.uploadLicenseScanResult signedUrl licenseSourceUnit
-          UploadFirstPartyScanResult signedUrl fullSourceUnits -> LicenseScanning.uploadFirstPartyScanResult signedUrl fullSourceUnits
-          GetAnalyzedPathRevisions projectRevision -> LicenseScanning.alreadyAnalyzedPathRevision projectRevision
-          -- Reachability
-          UploadContentForReachability content -> Core.uploadReachabilityContent content
-          UploadBuildForReachability rev metadata content -> Core.uploadReachabilityBuild rev metadata content
-          GetTokenType -> Core.getTokenType
-          GetCustomBuildPermissons rev metadata -> Core.getCustomBuildPermissions rev metadata
-          -- Release Group
-          DeleteReleaseGroup releaseGroupId -> Core.deleteReleaseGroup releaseGroupId
-          DeleteReleaseGroupRelease releaseGroupId releaseId -> Core.deleteReleaseGroupRelease releaseGroupId releaseId
-          UpdateReleaseGroupRelease releaseGroupId releaseId updateReq -> Core.updateReleaseGroupRelease releaseGroupId releaseId updateReq
-          GetReleaseGroups -> Core.getReleaseGroups
-          GetReleaseGroupReleases releaseGroupId -> Core.getReleaseGroupReleases releaseGroupId
-          CreateReleaseGroup req -> Core.createReleaseGroup req
-          -- Project
-          GetProjectV2 locator -> Core.getProjectV2 locator
-          UpdateProject locator req -> Core.updateProject locator req
-          -- Revision
-          UpdateRevision revisionLocator req -> Core.updateRevision revisionLocator req
-          -- Labels
-          GetOrgLabels -> Core.getOrgLabels
-          CreateReleaseGroupRelease releaseGroupId req -> Core.createReleaseGroupRelease releaseGroupId req
-      )
+    . runReader mgr
+    . interpreter
+    $ action
+  where
+    allowEMSManager :: ManagerSettings
+    allowEMSManager = mkManagerSettings emsTLSSettings Nothing
+
+    interpreter =
+      interpret
+        ( \case
+            AddFilesToVsiScan scanId files -> VSI.addFilesToVsiScan scanId files
+            AssertRevisionBinaries locator fingerprints -> VSI.assertRevisionBinaries locator fingerprints
+            AssertUserDefinedBinaries meta fingerprints -> VSI.assertUserDefinedBinaries meta fingerprints
+            CompleteVsiScan scanId -> VSI.completeVsiScan scanId
+            CreateVsiScan rev -> VSI.createVsiScan rev
+            FinalizeLicenseScan components -> LicenseScanning.finalizeLicenseScan components
+            FinalizeLicenseScanForPathDependency locators forceRebuild -> LicenseScanning.finalizePathDependencyScan locators forceRebuild
+            GetApiOpts -> pure apiOpts
+            GetAttribution rev format -> Core.getAttribution rev format
+            GetIssues rev diffRev locatorType -> Core.getIssues rev diffRev locatorType
+            GetEndpointVersion -> Core.getEndpointVersion
+            GetLatestBuild rev locatorType -> Core.getLatestBuild rev locatorType
+            GetRevisionDependencyCacheStatus rev -> Core.getRevisionDependencyCacheStatus rev
+            GetOrganization -> Core.getOrganization
+            GetPolicies -> Core.getPolicies
+            GetProject rev locatorType -> Core.getProject rev locatorType
+            GetTeams -> Core.getTeams
+            AddTeamProjects teamId req -> Core.addTeamProjects teamId req
+            GetAnalyzedRevisions vdeps -> Core.getAnalyzedRevisions vdeps
+            GetSignedFirstPartyScanUrl rev -> LicenseScanning.getSignedFirstPartyScanUrl rev
+            GetSignedLicenseScanUrl rev -> LicenseScanning.getSignedLicenseScanUrl rev
+            GetSignedUploadUrl fileType rev -> Core.getSignedUploadUrl fileType rev
+            GetPathDependencyScanUrl rev projectRevision uploadKind -> LicenseScanning.uploadPathDependencyScanResult rev projectRevision uploadKind
+            GetVsiInferences scanId -> VSI.getVsiInferences scanId
+            GetVsiScanAnalysisStatus scanId -> VSI.getVsiScanAnalysisStatus scanId
+            QueueArchiveBuild archives rebuild -> Core.queueArchiveBuild archives rebuild
+            QueueSBOMBuild archive team rebuild -> Core.queueSBOMBuild archive team rebuild
+            ResolveProjectDependencies locator -> VSI.resolveProjectDependencies locator
+            ResolveUserDefinedBinary deps -> VSI.resolveUserDefinedBinary deps
+            UploadAnalysis rev metadata units -> Core.uploadAnalysis rev metadata units
+            UploadAnalysisWithFirstPartyLicenses rev metadata uploadKind -> Core.uploadAnalysisWithFirstPartyLicenses rev metadata uploadKind
+            UploadArchive url path -> Core.uploadArchive url path
+            UploadNativeContainerScan revision metadata scan -> Core.uploadNativeContainerScan revision metadata scan
+            UploadContributors locator contributors -> Core.uploadContributors locator contributors
+            UploadLicenseScanResult signedUrl licenseSourceUnit -> LicenseScanning.uploadLicenseScanResult signedUrl licenseSourceUnit
+            UploadFirstPartyScanResult signedUrl fullSourceUnits -> LicenseScanning.uploadFirstPartyScanResult signedUrl fullSourceUnits
+            GetAnalyzedPathRevisions projectRevision -> LicenseScanning.alreadyAnalyzedPathRevision projectRevision
+            -- Reachability
+            UploadContentForReachability content -> Core.uploadReachabilityContent content
+            UploadBuildForReachability rev metadata content -> Core.uploadReachabilityBuild rev metadata content
+            GetTokenType -> Core.getTokenType
+            GetCustomBuildPermissons rev metadata -> Core.getCustomBuildPermissions rev metadata
+            -- Release Group
+            DeleteReleaseGroup releaseGroupId -> Core.deleteReleaseGroup releaseGroupId
+            DeleteReleaseGroupRelease releaseGroupId releaseId -> Core.deleteReleaseGroupRelease releaseGroupId releaseId
+            UpdateReleaseGroupRelease releaseGroupId releaseId updateReq -> Core.updateReleaseGroupRelease releaseGroupId releaseId updateReq
+            GetReleaseGroups -> Core.getReleaseGroups
+            GetReleaseGroupReleases releaseGroupId -> Core.getReleaseGroupReleases releaseGroupId
+            CreateReleaseGroup req -> Core.createReleaseGroup req
+            -- Project
+            GetProjectV2 locator -> Core.getProjectV2 locator
+            UpdateProject locator req -> Core.updateProject locator req
+            -- Revision
+            UpdateRevision revisionLocator req -> Core.updateRevision revisionLocator req
+            -- Labels
+            GetOrgLabels -> Core.getOrgLabels
+            CreateReleaseGroupRelease releaseGroupId req -> Core.createReleaseGroupRelease releaseGroupId req
+        )