Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Cargo Non-Flat Dependency Graph Using cargo tree #1377

Draft
wants to merge 16 commits into
base: master
Choose a base branch
from
Draft

Support Cargo Non-Flat Dependency Graph Using cargo tree #1377

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
7a31429
applicable, extractbale method implement for cargo cli detectable
zahidblackduck Feb 27, 2025
3587046
cargo cli extractor add
zahidblackduck Feb 28, 2025
b049656
cargo dependency transformer add
zahidblackduck Mar 3, 2025
284818b
refactor cargo cli detectable and dependency transformer
zahidblackduck Mar 3, 2025
4fb2d5c
cargo dependency transformer rewrite based on tree instead of graph
zahidblackduck Mar 5, 2025
fe96f1d
cargo tree transformer class refactor
zahidblackduck Mar 6, 2025
02f7866
cargo dependency graph transformer refactor, external id factory use
zahidblackduck Mar 7, 2025
6311a33
cargo dependency transformer unit test add
zahidblackduck Mar 7, 2025
575a8ed
cargo min version 1.44.0 check for cargo cli detectable
zahidblackduck Mar 7, 2025
dee1a20
detect.cargo.path property fix to allow setting cargo build tool path
zahidblackduck Mar 7, 2025
34009b3
detect properties, cargo cli detectable refactor
zahidblackduck Mar 10, 2025
02b7353
Merge remote-tracking branch 'origin/master' into dev/zahidblackduck/…
zahidblackduck Mar 10, 2025
67631e7
cargo.md and currentreleasenotes.md update for cargo cli detector
zahidblackduck Mar 10, 2025
bb4528e
currentreleasenotes.md invalid line remove
zahidblackduck Mar 11, 2025
f88f33a
doc update as per review
zahidblackduck Mar 11, 2025
7d7a0cb
cargo tree documentation link add in cargo.md
zahidblackduck Mar 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions documentation/src/main/markdown/currentreleasenotes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@
### New features

* Support for Conda has been extended to 25.1.1.
Here’s the revised line, following your requested format:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels like a comment that came over from a cut and paste?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I see. I'll refactor. Thanks for pointing this out.

* A new detector leveraging `cargo tree` to extract direct and transitive dependencies, improving accuracy over the previous flat-list detection. This build-based detector is triggered for Cargo projects with a `Cargo.toml` file and requires Cargo version **1.44.0+**. Falls back to the existing build-less approach if `cargo tree` is unavailable.
Copy link
Contributor

@cpottsbd cpottsbd Mar 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion for a few tweaks to add links to further documentation:

* Cargo CLI Detector, leveraging `cargo tree` to extract direct and transitive dependencies, improving accuracy over the previous flat-list detection. This build-based detector is triggered for Cargo projects with a `Cargo.toml` file and requires Cargo version **1.44.0+**. For further information, see [Cargo package manager support](packagemgrs/cargo.md).
* Added property [detect.cargo.path](properties/detectors/cargo.md) to allow user specification of a custom Cargo executable path.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay @cpottsbd, I'll update accordingly. Thanks for the nice suggestion.

* Added property `detect.cargo.path` to allow users to specify a custom Cargo executable path.

### Resolved issues

Expand Down
33 changes: 27 additions & 6 deletions documentation/src/main/markdown/packagemgrs/cargo.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,32 @@
# Cargo support

## Overview
## Overview

[detect_product_short] runs the Cargo detector if it finds either of the following files in your project:
[detect_product_short] now includes two Cargo detectors:
Copy link
Contributor

@cpottsbd cpottsbd Mar 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would remove the "now's" and "new's" from this information and leave that type of info for the release notes. (Since this part of the documentation lives on past the point where this detector is new.)
i.e.
[detect_product_short] includes two Cargo detectors:

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it seems quite logical.


* Cargo.toml
* Cargo.lock
* **Cargo CLI Detector** (New)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

* **Cargo CLI Detector**

* **Cargo Lockfile Detector**

The Cargo detector parses the Cargo.lock file for information on your project's dependencies. If the detector discovers a Cargo.toml file but not a Cargo.lock file, it will prompt the user to generate a Cargo.lock by running `cargo generate-lockfile` and then run [detect_product_short] again.
The Cargo detector extracts the project's name and version from the Cargo.toml file. If it does not find a Cargo.toml file, it will defer to values derived by Git, from the project's directory, or defaults.
## Cargo CLI Detector

A new cli detector for Cargo projects, which extracts **direct and transitive dependencies** using the `cargo tree` command. This improves the accuracy of dependency detection over the previous flat-list detection.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion:
Detector for Cargo projects, extracts **direct and transitive dependencies** using the cargo treecommand.


**Requirements:**
* Cargo version **1.44.0+** is required (as `cargo tree` was introduced in this version).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion:

  • Cargo version 1.44.0+ is required (as cargo tree was introduced in this version).
    to
  • Cargo version 1.44.0+ required to support cargo tree.

* A `Cargo.toml` file must be present in the project.
* A valid `cargo` executable must be available on the system.

**Behavior:**
* Executes `cargo tree` to analyze dependencies.
* Parses the output to construct a hierarchical **dependency graph**.
* Falls back to the Cargo Lockfile Detector if `cargo tree` is unavailable.

To specify a custom Cargo executable path, use the `detect.cargo.path` property.

## Cargo Lockfile Detector

If `cargo tree` is unavailable, [detect_product_short] will default to the Cargo Lockfile Detector, which extracts dependencies by parsing the `Cargo.lock` file.

* If both `Cargo.toml` and `Cargo.lock` are present, the detector uses `Cargo.lock` for dependency information.
* If `Cargo.lock` is missing, the detector prompts the user to generate it using `cargo generate-lockfile`.
* Extracts the project’s name and version from `Cargo.toml`. If missing, it derives values from Git or the project directory.