macaron icon indicating copy to clipboard operation
macaron copied to clipboard
verified publisher icon oracle

[Bug] - The action_version attribute of Setup Language classes are not initialized

Open tromai opened this issue 7 months ago • 0 comments

Description

The class instances of type SetupJava, OracleSetupJava and GraalVMSetup do not have the attribute action_version. This is unexpected because action_version is inherited from the base class ThirdPartyAction

Steps to Reproduce

Running on commit https://github.com/oracle/macaron/commit/e42408ad20ae32d9646c5c4fce25392a16a2287b

  1. Set a break point at before this line https://github.com/oracle/macaron/blob/32aa0ccf0f552df3e90563653415bd38a3feac6a/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py#L275 For example
def find_language_setup_action(job_node: GitHubJobNode, lang_name: BuildLanguage) -> Language | None:
    """Find the step that calls a language setup GitHub Actions and return the model.

    Parameters
    ----------
    job_node: GitHubJobNode
        The target GitHub Actions job node.
    lang_name: BuildLanguage
        The target language used in the build.

    Returns
    -------
    Language | None
        The language model for the language setup GitHub Action or None.
    """
    for callee in job_node.callee:
        model = callee.model
        # Check if the model implements the Language protocol.
        if isinstance(model, Language):
            import pdb; pdb.set_trace()
            if model.lang_name == lang_name:
                return model
    return None
  1. Run this command
macaron analyze -purl pkg:maven/org.apache.hugegraph/[email protected]

You will be taken into pdb

> ...//macaron/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py(276)find_language_setup_action()
-> if model.lang_name == lang_name:
(Pdb) type(model)
<class 'macaron.slsa_analyzer.ci_service.github_actions.analyzer.SetupJava'>
(Pdb) pp(model)
*** AttributeError: 'SetupJava' object has no attribute 'action_version'
(Pdb) "action_version" in dir(SetupJava)
False

Initial investigation

This happened because of the following factors:

  • SetupJava inherits from ThirdPartyAction, which is a frozen dataclass. https://github.com/oracle/macaron/blob/32aa0ccf0f552df3e90563653415bd38a3feac6a/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py#L37-L45
  • SetupJava doesn't set the action_version class attribute, instead it just annotate this attribute as None https://github.com/oracle/macaron/blob/32aa0ccf0f552df3e90563653415bd38a3feac6a/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py#L501
  • SetupJava defines it owns constructor, which overrides the dataclass constructors generated for ThirdPartyAction. SetupJava constructor doesn't initialize action_version, hence it will never exist in any class instance.
  • This happens for OracleSetupJava and GraalVMSetup with the same reason.

Environment Information

To assist with troubleshooting, please provide the following information about your environment:

Operating System: Ubuntu 22.04

CPU architecture information: x84-64

Bash Version: version 5.1.16(1)-release

Running Macaron as a Python package.

tromai avatar May 09 '25 07:05 tromai