diff --git a/commands/audit/sca/pnpm/pnpm.go b/commands/audit/sca/pnpm/pnpm.go index e387a43a..39dedce5 100644 --- a/commands/audit/sca/pnpm/pnpm.go +++ b/commands/audit/sca/pnpm/pnpm.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - biutils "github.com/jfrog/build-info-go/utils" "os/exec" "path/filepath" @@ -20,6 +19,7 @@ import ( "github.com/jfrog/jfrog-client-go/utils/io/fileutils" "github.com/jfrog/jfrog-client-go/utils/log" + biutils "github.com/jfrog/build-info-go/utils" coreXray "github.com/jfrog/jfrog-cli-core/v2/utils/xray" xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils" ) @@ -48,22 +48,21 @@ func BuildDependencyTree(params utils.AuditParams) (dependencyTrees []*xrayUtils return } // Build - var tempDirForDependenciesCalculation string - if tempDirForDependenciesCalculation, err = installProjectIfNeeded(pnpmExecPath, currentDir); errorutils.CheckError(err) != nil { + var dirForDependenciesCalculation string + if dirForDependenciesCalculation, err = installProjectIfNeeded(pnpmExecPath, currentDir); errorutils.CheckError(err) != nil { return } - var dirToCalcDependenciesOn string - if tempDirForDependenciesCalculation == "" { - dirToCalcDependenciesOn = currentDir + if dirForDependenciesCalculation == "" { + // If we didn't execute 'install' dirForDependenciesCalculation contains an empty value and the dependencies calculation should be performed on the original cloned dir + dirForDependenciesCalculation = currentDir } else { - // If tempDirForDependenciesCalculation contains a non-empty value, it means we executed 'install' on a temporary directory on which we need to calculate the dependencies and remove it at the end - dirToCalcDependenciesOn = tempDirForDependenciesCalculation + // If tempDirForDependenciesCalculation contains a non-empty value, it means we created a temporary directory during the execution of 'install' command, and it needs to removed at the end defer func() { - err = errors.Join(err, biutils.RemoveTempDir(tempDirForDependenciesCalculation)) + err = errors.Join(err, biutils.RemoveTempDir(dirForDependenciesCalculation)) }() } - return calculateDependencies(pnpmExecPath, dirToCalcDependenciesOn, params) + return calculateDependencies(pnpmExecPath, dirForDependenciesCalculation, params) } func getPnpmExecPath() (pnpmExecPath string, err error) { @@ -91,9 +90,9 @@ func getPnpmCmd(pnpmExecPath, workingDir, cmd string, args ...string) *io.Comman } // Installation is necessary when either the "pnpm-lock.yaml" lock file or the "node_modules/.pnpm" directory does not exist. -// If the "node_modules/.pnpm" directory doesn't exist, we duplicate the project to a temporary directory and conduct the 'install' operation on the duplicate, to ensure that the original clone does not retain the node_modules directory if it didn't exist previously. -// In such instances, the path of the temporary directory will be returned as the 'tempDirForDependenciesCalculation' variable. -func installProjectIfNeeded(pnpmExecPath, workingDir string) (tempDirForDependenciesCalculation string, err error) { +// If install is needed, we duplicate the project to a temporary directory and conduct the 'install' operation on the duplicate, to ensure that the original clone does not retain the node_modules directory if it didn't exist previously. +// Upon 'install' the path to the duplicate directory will be returned. +func installProjectIfNeeded(pnpmExecPath, workingDir string) (dirForDependenciesCalculation string, err error) { lockFileExists, err := fileutils.IsFileExists(filepath.Join(workingDir, "pnpm-lock.yaml"), false) if err != nil { return @@ -102,33 +101,25 @@ func installProjectIfNeeded(pnpmExecPath, workingDir string) (tempDirForDependen if err != nil || (lockFileExists && pnpmDirExists) { return } - // Install is needed + // Install is needed and will be performed on a copy of the cloned dir log.Debug("Installing Pnpm project:", workingDir) - workingDirToRunInstallOn := workingDir - - // If the node_modules/.pnpm directory doesn't exist, we clone the project to a temporary directory to ensure that the original project remains unaffected by the newly added files from the 'install' command. - if !pnpmDirExists { - tempDirForDependenciesCalculation, err = fileutils.CreateTempDir() - if err != nil { - err = fmt.Errorf("failed to create a temporary dir: %w", err) - return - } - defer func() { - // If an error occurs for any reason, we proceed to delete the temporary directory. - if err != nil { - err = errors.Join(err, fileutils.RemoveTempDir(tempDirForDependenciesCalculation)) - } - }() - - err = biutils.CopyDir(workingDir, tempDirForDependenciesCalculation, true, nil) + dirForDependenciesCalculation, err = fileutils.CreateTempDir() + if err != nil { + err = fmt.Errorf("failed to create a temporary dir: %w", err) + return + } + defer func() { + // If an error occurs for any reason, we proceed to delete the temporary directory. if err != nil { - err = fmt.Errorf("failed copying project to temp dir: %w", err) - return + err = errors.Join(err, fileutils.RemoveTempDir(dirForDependenciesCalculation)) } - workingDirToRunInstallOn = tempDirForDependenciesCalculation + }() + err = biutils.CopyDir(workingDir, dirForDependenciesCalculation, true, nil) + if err != nil { + err = fmt.Errorf("failed copying project to temp dir: %w", err) + return } - - err = getPnpmCmd(pnpmExecPath, workingDirToRunInstallOn, "install", npm.IgnoreScriptsFlag).GetCmd().Run() + err = getPnpmCmd(pnpmExecPath, dirForDependenciesCalculation, "install", npm.IgnoreScriptsFlag).GetCmd().Run() return }