Skip to content

[ANE-2484] Download ficus in vendor_download.sh #1565

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 11, 2025
Merged

[ANE-2484] Download ficus in vendor_download.sh #1565

merged 5 commits into from
Aug 11, 2025

Conversation

james-fossa
Copy link
Contributor

@james-fossa james-fossa commented Jul 23, 2025
edited by jira bot
Loading

Overview

Pull ficus' latest release in as part of vendor_download.sh.

Acceptance criteria

  • If this PR is successful, we will download ficus as part of vendor_download.sh on any supported platform.
  • It will not be called in the CLI (yet.)
  • There is no CHANGELOG change here because the internal binary is not called anywhere and so is invisible to the user.

Testing plan

  • Locally comment-out case statements on uname -s to force e.g. MacOS vs Windows, and witness this continue to work on both.
  • If it doesn't work, we will fail CI
  • No new tests, as CI should serve as a test

Risks

Low-to-no-risk: the resulting ficus is not called yet.

Metrics

N/A

References

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
  • If this PR introduced a user-visible change, I added documentation into docs/.
  • If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
  • If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
  • If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

@james-fossa james-fossa requested a review from a team as a code owner July 23, 2025 16:36
@james-fossa james-fossa requested a review from csasarak July 23, 2025 16:36
@james-fossa james-fossa force-pushed the ane-2484-vendor-bins branch from 4989798 to 83709b6 Compare July 23, 2025 21:55
@james-fossa @jagonalez
[ANE-2484][ANE-2503] Actually call Ficus, use --x-snippet-scan as a…
727bf26 
… flag. (#1573)

* gradle: exclude constraints when retrieving dependencies (#1563)

* [ane-2575] scan all layers for os info (#1566)

* scan all layers for os info

* add test

* lint

* accidently on purposed

* whitespace

* typo

* update changelog

* no need to log

* prepare for release

* WIP

* WIP

* Get ficus wired in and at least vaguely tested. More to do to get tests to be coherent.

Now we're cooking with gas:
```
Running Ficus analysis on /Users/jclemer/wam/
[DEBUG] Executing ficus
[DEBUG] Ficus returned 4 errors, 0 debug messages, 1 findings
[WARN] ERROR fingerprint: Read(
      Custom {
          kind: InvalidData,
          error: "binary file detected: /Users/jclemer/wam/.git/index",
      },
  )
[WARN] ERROR fingerprint: Read(
      Custom {
          kind: InvalidData,
          error: "binary file detected: /Users/jclemer/wam/.git/objects/pack/pack-183ce412024750728f9349e31668d39ee389840e.idx",
      },
  )
[WARN] ERROR fingerprint: Read(
      Custom {
          kind: InvalidData,
          error: "binary file detected: /Users/jclemer/wam/.git/objects/pack/pack-183ce412024750728f9349e31668d39ee389840e.pack",
      },
  )
[WARN] ERROR fingerprint: Read(
      Custom {
          kind: InvalidData,
          error: "binary file detected: /Users/jclemer/wam/.git/objects/pack/pack-183ce412024750728f9349e31668d39ee389840e.rev",
      },
  )
FINDING fingerprint: {"analysis_id":15}
Ficus analysis completed successfully with analysis ID: 15
```

* Fixing up formatting

* [ANE-2484] Add ficus to extra-source files

* Fix FICUS_ASSET_POSTFIX to match changed release

* Fix Windows postfix for changed release

* Change themis arch in suffix

---------

Co-authored-by: Jeremy Gonzalez <jeremy@fossa.com>
@james-fossa james-fossa force-pushed the ane-2484-vendor-bins branch 4 times, most recently from f2769f8 to 727bf26 Compare August 7, 2025 21:42
@james-fossa james-fossa requested a review from csasarak August 7, 2025 21:47
@james-fossa james-fossa force-pushed the ane-2484-vendor-bins branch from e39a6c6 to 2f8d6af Compare August 8, 2025 18:53
@james-fossa james-fossa force-pushed the ane-2484-vendor-bins branch from 01b2de3 to 92f4c1e Compare August 8, 2025 20:09
@james-fossa james-fossa merged commit 1d7368f into master Aug 11, 2025
19 checks passed
@james-fossa james-fossa deleted the ane-2484-vendor-bins branch August 11, 2025 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@csasarak csasarak Awaiting requested review from csasarak

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@james-fossa @csasarak