Comments (4)
Hey Martin 👋 , I was just talking about this with @tsteenbe and he mentioned that one of the problem with this task is that CocoaPods commands only run on macOS. CocoaPods uses a generic dependency resolution algorithm (the same as Bundler) for this: CocoaPods/Molinillo (see usage here) that doesn't require macOS, but it does require the data models used by CocoaPods internals. Maybe this is useful information of how to get the dependency tree without macOS.
from ort.
Thanks for the info @Ruenzuo !
from ort.
The questions below outline the prerequisites of things we need to figure out prior to be able to add CocaoPods to ORT. Answered some of the questions when I could easily find the answer.
- How can you detect a project uses this specific package manager?
The presence of a .podspec
or Podfile
or Podfile.lock
is a good indicator that the project is CocaoPods project.
.podspec
package metadata file see also https://guides.cocoapods.org/syntax/podspec.html#group_root_specification or https://guides.cocoapods.org/making/specs-and-specs-repo.htmlPodfile
list dependencies see also https://guides.cocoapods.org/using/the-podfile.htmlPodfile.lock
locked list of dependencies
- How can you get the declared license for a package?
The .podspec
has s.license
field for the declared license, see the specification in https://guides.cocoapods.org/syntax/podspec.html#license and for an example https://github.com/AFNetworking/AFNetworking/blob/master/AFNetworking.podspec#L4
-
How to can one get dependency tree including package names, versions?
Most SCA tools seem to parse the Podfile.lock
file to get the list of dependencies but that not what we usually do in ORT as a project might not have committed a lock file. Ideally after ORT determines a project is using cocoapods we run the install command (pod install
) to install the dependencies and then parse the found .podspec
to get all the package metadata like we do for npm.
Question with ORT being a cross-platform project, if we add CocoaPods support, we'd like it to work on any platform, not just macOS. Esp. as most ORT pipelines run on Linux. How can we execute CocoaPods on Linux? Could we simply see it as a Ruby project and use Molinillo to get the dependency tree and package metadata?
-
How can one obtain the source code for a dependency?
The .podspec
has s.source
field to specify the source code repository for the package, see the specification in https://guides.cocoapods.org/syntax/podspec.html#source and for an example see https://github.com/AFNetworking/AFNetworking/blob/master/AFNetworking.podspec#L9
- How can one separate code dependencies from build/test ones?
Have not found any information on this, can't find it in the tools docs.
- Can you provide example projects that can be used test implementation?
Maybe we can use https://github.com/RestKit/RestKit which is mentioned in the cocoapods.org examples
from ort.
CocoaPods support was implemented in #3994.
from ort.
Related Issues (20)
- Enable ORT to generate CycloneDX 1.6 SBOMs HOT 2
- FileNotFoundException for some dependencies with ScanCode plugin and npm repository HOT 5
- Wrong type and provider in Request-URL for Curations from ClearyDefined
- Make further database connection (pool) parameters configurable for Postgres based storages
- best solution to scan a project separately and combine results to a final report HOT 6
- declared_license_mapping curations are not applied in git repo projects
- Make VCS plugins configurable
- PURL encoding for SwiftPM is invalid as PURL specification. HOT 1
- [BUG] Cargo: submodules and local packages are being skipped HOT 3
- tests: Turn assets into resources HOT 1
- FossID: improve the error reporting when the credentials are wrong
- FossID: Scanner option `fetchSnippetMatchedLines` should be removed
- Docker image for version 22.3.0 does not contain the `scancode` executable anymore HOT 8
- Invalid expires attribute date on setting Cookies during Analyzer HOT 2
- Gemfile parsing for Bundler (Ruby) doesn't correctly take into account platforms (ruby, java etc.) HOT 5
- Consider using `testcontainers-git` to test authentication with Git servers
- Mention the ORT version the report was created with.
- Generated package configuration path excludes does not respect vcs path curations HOT 1
- Effective license of `BSD-3-Clause AND BSD-3-Clause`
- Support getting Node-related tooling versions from the `frontend-gradle-plugin`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ort.