예제 #1
def test_get_npm_component_info_from_nexus(mock_get_js_component,
                                           mock_get_hosted_repo):
    """
    Check that the npm lookup is delegated to the JS component query for the hosted repository.

    The two mock arguments are presumably injected by ``mock.patch`` decorators that are not
    part of this listing.
    """
    hosted_repo = "cachito-js-hosted"
    pkg_name = "foo"
    pkg_version = "1.0.0-external"
    attempts = 5
    mock_get_hosted_repo.return_value = hosted_repo

    general_js.get_npm_component_info_from_nexus(
        pkg_name, pkg_version, max_attempts=attempts
    )

    # The hosted repository name must be resolved exactly once and then handed to the
    # component query together with the caller's retry budget.
    mock_get_hosted_repo.assert_called_once()
    mock_get_js_component.assert_called_once_with(
        pkg_name,
        pkg_version,
        hosted_repo,
        is_hosted=True,
        max_attempts=attempts,
    )
예제 #2
def test_get_npm_component_info_from_nexus(mock_gcifn, group):
    """
    Check that a scoped or unscoped npm identifier is split into name and group for the query.

    ``group`` is presumably supplied by a parametrize decorator that is not part of this listing
    (a scope such as ``@reactive``, or a falsy value for an unscoped package).
    """
    pinned_version = "6.5.5-external-gitcommit-78032157f5c1655436829017bbda787565b48c30"
    identifier = f"{group}/rxjs" if group else "rxjs"

    component = {
        "id": "Y2FjaGl0by1qcy1ob3N0ZWQ6ZDQ4MTE3NTQxZGNiODllYzYxM2IyMzk3MzIwMWQ3YmE",
        "repository": "cachito-js-hosted",
        "format": "npm",
        # The component's group is the scope without its first character
        "group": group[1:] if group else None,
        "name": "rxjs",
        "version": pinned_version,
    }
    mock_gcifn.return_value = component

    rv = general_js.get_npm_component_info_from_nexus(
        identifier, pinned_version, max_attempts=3
    )

    assert rv == component
    # Only the group argument differs between the scoped and the unscoped case.
    expected_group = "reactive" if group else None
    mock_gcifn.assert_called_once_with(
        "cachito-js-hosted",
        "npm",
        "rxjs",
        pinned_version,
        expected_group,
        3,
    )
예제 #3
파일: npm.py 프로젝트: nirzari/cachito
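def convert_to_nexus_hosted(dep_name, dep_info):
    """
    Convert the input dependency not from the NPM registry to a Nexus hosted dependency.

    The values in ``dep_info`` come from the lock file and are used to build both the version
    suffix of the hosted component and the wildcard pattern used to look it up in Nexus, so they
    are validated before use.

    :param str dep_name: the name of the dependency
    :param dict dep_info: the dependency info from the npm lock file (e.g. package-lock.json)
    :return: the dependency information of the Nexus hosted version to use in the npm lock file
        instead of the original
    :rtype: dict
    :raise CachitoError: if the dependency is from an unsupported location, has an unexpected
        format in the lock file (including a Git reference that is not a hexadecimal commit
        hash), is missing its integrity value, or is not accessible in Nexus after the upload
    """
    git_prefixes = (
        "git://",
        "git+http://",
        "git+https://",
        "git+ssh://",
        "github:",
        "bitbucket:",
        "gitlab:",
    )
    http_prefixes = ("http://", "https://")
    hex_chars = frozenset("0123456789abcdefABCDEF")
    # The version value for a dependency outside of the npm registry is the identifier to use for
    # commands such as `npm pack` or `npm install`
    # Examples of version values:
    #   git+https://github.com/ReactiveX/rxjs.git#dfa239d41b97504312fa95e13f4d593d95b49c4b
    #   github:ReactiveX/rxjs#78032157f5c1655436829017bbda787565b48c30
    #   https://github.com/jsplumb/jsplumb/archive/2.10.2.tar.gz
    dep_identifier = dep_info["version"]
    verify_scripts = False
    checksum_info = None
    if dep_identifier.startswith(git_prefixes):
        _, separator, commit_hash = dep_identifier.rpartition("#")
        # The text after "#" ends up in the hosted version string and in the `*<suffix>` lookup
        # below. Accept only a non-empty hexadecimal commit hash so that an empty value or one
        # containing pattern characters cannot make the lookup match a different hosted
        # component than the commit pinned in the lock file.
        if not separator or not commit_hash or not hex_chars.issuperset(commit_hash):
            msg = (
                f"The dependency {dep_identifier} in the npm lock file was in an unexpected format"
            )
            log.error(msg)
            raise CachitoError(msg)
        # When the dependency is uploaded to the Nexus hosted repository, it will be in the format
        # of `<version>-gitcommit-<commit hash>`
        version_suffix = f"-external-gitcommit-{commit_hash}"
        # Dangerous scripts might be required to be executed by `npm pack` since this is a Git
        # dependency. If those scripts are present, Cachito will fail the request since it will not
        # execute those scripts when packing the dependency.
        verify_scripts = True
    elif dep_identifier.startswith(http_prefixes):
        # A plain URL carries no content identifier of its own, so the lock file's integrity
        # value is mandatory: it is what ties the hosted component to specific content.
        if "integrity" not in dep_info:
            msg = f"The dependency {dep_identifier} is missing the integrity value in the lock file"
            log.error(msg)
            raise CachitoError(msg)

        checksum_info = convert_integrity_to_hex_checksum(
            dep_info["integrity"])
        # When the dependency is uploaded to the Nexus hosted repository, it will be in the format
        # of `<version>-external-<checksum algorithm>-<hex checksum>`
        version_suffix = f"-external-{checksum_info.algorithm}-{checksum_info.hexdigest}"
    else:
        msg = f"The dependency {dep_identifier} is hosted in an unsupported location"
        # Logged like the other rejection paths so that every refused dependency is recorded
        log.error(msg)
        raise CachitoError(msg)

    # The real version is unknown until the dependency has been packed, hence the leading
    # wildcard: the component is looked up by its suffix alone.
    version_pattern = f"*{version_suffix}"
    component_info = get_npm_component_info_from_nexus(dep_name, version_pattern)
    if not component_info:
        upload_non_registry_dependency(dep_identifier, version_suffix,
                                       verify_scripts, checksum_info)
        # Retry the lookup after the upload (up to five attempts)
        component_info = get_npm_component_info_from_nexus(
            dep_name, version_pattern, max_attempts=5)
        if not component_info:
            raise CachitoError(
                f"The dependency {dep_identifier} was uploaded to Nexus but is not accessible"
            )

    converted_dep_info = copy.deepcopy(dep_info)
    # The "from" value is the original value from package.json for some locations
    converted_dep_info.pop("from", None)
    # The integrity written back is the SHA-512 that Nexus reports for the first asset of the
    # hosted component, not the value from the original lock file.
    # NOTE(review): assumes the component has at least one asset with a sha512 checksum - confirm
    hosted_asset = component_info["assets"][0]
    converted_dep_info.update({
        "integrity": convert_hex_sha512_to_npm(hosted_asset["checksum"]["sha512"]),
        "resolved": hosted_asset["downloadUrl"],
        "version": component_info["version"],
    })
    return converted_dep_info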