-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to suppress the error "AnalyzerResult contains packages that are also projects." #5721
Comments
I ran into the same issue unintentionally as the conflict sees to come from a directory I excluded, so I'm interested in other ways to work around this error. Perhaps in the monorepo setup you can scan all projects (subdirectories) separately to avoid the issue of duplicate dependencies? Edit: I got an answer through chat for my situation by @sschuberth that clarified the inner workings for me regarding excludes, so that isn't an option in this case.
|
This check was introduced in df84062 because if the analyzer result contains projects and packages with the same identifier this can lead to unexpected behavior in later steps (one main issue was that the web app report was showing incorrect data). It usually indicates an issue in the package manager implementation which did not correctly identify a project dependency. @mawl @nicorikken Please provide example projects that reproduce this issue so that we can identify the root cause. |
Here is an example project reproducing this issue. We had to use a local package approach for that as we usually publish our packages to our private registry. |
@mnonnenmacher: I have provided an example. Do you have any news for us concerning the progress? Thanks. |
@mnonnenmacher, @sschuberth: can you please check the example? We have a few monorepos in our company where we would like to have ORT to work for, too. Have a good New Year :) |
I haven't checked, but my hunch is that this happens because the monorepo contains both the source code to a package (which ORT treats as a project then), and another project is consuming the (binary) artifact for that package as a dependency (so here ORT treats it as a package). However, the id is the same in both cases. And that's something ORT does not currently support: Refer to the same id once as a project and once as a package / dependency within the same analyzer run. |
BTW, as of #6241 you should actually also get a better error message in this case. |
During scan phase it is possible to exclude PROJECTs from scanning. Wouldn't it be possible to implement the same option for the analyze phase as a workaround, like not treating them?
|
See #5968 😉 |
The PR has been merged, which answers the question on how to suppress the error by skipping paths with duplicate project / package ids. |
Hey,
How can we suppress following error concerning npm dependencies in a monorepo? Some of the dependencies are also projects in it.
ort/analyzer/src/main/kotlin/AnalyzerResultBuilder.kt
Line 53 in 30ddfed
The text was updated successfully, but these errors were encountered: