Refine readability in resolve_pypi_packages and add logging #1598 (#1647)

Signed-off-by: tdruez <[email protected]>

Author: tdruez

scanpipe/pipes/resolve.py

@@ -21,18 +21,19 @@
 # Visit https://github.com/aboutcode-org/scancode.io for support and download.
 
 import json
+import logging
 import sys
 import uuid
 from pathlib import Path
 
 from django.core.exceptions import MultipleObjectsReturned
 from django.core.exceptions import ObjectDoesNotExist
 
+import python_inspector.api as python_inspector
 from attributecode.model import About
 from packagedcode import APPLICATION_PACKAGE_DATAFILE_HANDLERS
 from packagedcode.licensing import get_license_detections_and_expression
 from packageurl import PackageURL
-from python_inspector.api import resolve_dependencies
 
 from scanpipe.models import DiscoveredDependency
 from scanpipe.models import DiscoveredPackage
@@ -46,6 +47,8 @@
 Resolve packages from manifest, lockfile, and SBOM.
 """
 
+logger = logging.getLogger("scanpipe.pipes")
+
 
 def resolve_manifest_resources(resource, package_registry):
     """Get package data from resource."""
@@ -164,17 +167,22 @@ def get_packages_from_manifest(input_location, package_registry=None):
     Resolve packages or get packages data from a package manifest file/
     lockfile/SBOM at `input_location`.
     """
+    logger.info(f"> Get packages from manifest: {input_location}")
     default_package_type = get_default_package_type(input_location)
     # we only try to resolve packages if file at input_location is
     # a package manifest, and ignore for other files
     if not default_package_type:
+        logger.info("  Package type not found.")
         return
 
     # Get resolvers for available packages/SBOMs in the registry
     resolver = package_registry.get(default_package_type)
     if resolver:
+        logger.info(f"  Using resolver={resolver.__name__}")
         resolved_packages = resolver(input_location=input_location)
         return resolved_packages
+    else:
+        logger.info(f"  No resolvers available for type={default_package_type}")
 
 
 def get_manifest_resources(project):
@@ -188,19 +196,23 @@ def get_manifest_resources(project):
 
 
 def resolve_pypi_packages(input_location):
-    """Resolve the PyPI packages from the `input_location` requirements file."""
+    """Resolve the PyPI packages from the ``input_location`` requirements file."""
     python_version = f"{sys.version_info.major}{sys.version_info.minor}"
     operating_system = "linux"
 
-    inspector_output = resolve_dependencies(
+    resolution_output = python_inspector.resolve_dependencies(
         requirement_files=[input_location],
         python_version=python_version,
         operating_system=operating_system,
+        # Prefer source distributions over binary distributions,
+        # if no source distribution is available then binary distributions are used.
         prefer_source=True,
+        # Activate the verbosity and send it to the logger.
+        verbose=True,
+        printer=logger.info,
     )
 
-    packages = inspector_output.packages
-
+    packages = resolution_output.packages
     # python-inspector returns the `extracted_license_statement` under the
     # `declared_license` field.
     for package in packages:

scanpipe/tests/pipes/test_resolve.py

@@ -113,7 +113,7 @@ def test_scanpipe_pipes_resolve_get_packages_from_manifest(self):
         }
         self.assertEqual([expected], packages)
 
-    @mock.patch("scanpipe.pipes.resolve.resolve_dependencies")
+    @mock.patch("scanpipe.pipes.resolve.python_inspector.resolve_dependencies")
     def test_scanpipe_pipes_resolve_resolve_pypi_packages(self, mock_resolve):
         # Generated with:
         # $ python-inspector --python-version 3.12 --operating-system linux \

scanpipe/tests/test_pipelines.py

@@ -1302,7 +1302,7 @@ def test_scanpipe_resolve_dependencies_pipeline_integration_empty_manifest(self)
         expected = "No packages could be resolved"
         self.assertIn(expected, message.description)
 
-    @mock.patch("scanpipe.pipes.resolve.resolve_dependencies")
+    @mock.patch("scanpipe.pipes.resolve.python_inspector.resolve_dependencies")
     def test_scanpipe_resolve_dependencies_pipeline_integration_misc(
         self, mock_resolve_dependencies
     ):
@@ -1323,7 +1323,7 @@ def test_scanpipe_resolve_dependencies_pipeline_integration_misc(
         self.assertEqual(0, exitcode, msg=out)
         self.assertEqual(1, project1.discoveredpackages.count())
 
-    @mock.patch("scanpipe.pipes.resolve.resolve_dependencies")
+    @mock.patch("scanpipe.pipes.resolve.python_inspector.resolve_dependencies")
     def test_scanpipe_resolve_dependencies_pipeline_pypi_integration(
         self, mock_resolve_dependencies
     ):