feat: add support for all build tools

Signed-off-by: behnazh-w <[email protected]>

Author: behnazh-w

pyproject.toml

@@ -224,6 +224,9 @@ load-plugins = [
     "pylint.extensions.set_membership",
     "pylint.extensions.typing",
 ]
+# Disable unsubscriptable-object because Pylint has false positives and this check
+# overlaps with mypy's checks. Enable the check when the related issue is resolved:
+# https://github.com/pylint-dev/pylint/issues/9549
 disable = [
     "fixme",
     "line-too-long",  # Replaced by Flake8 Bugbear B950 check.
@@ -242,6 +245,7 @@ disable = [
     "too-many-return-statements",
     "too-many-statements",
     "duplicate-code",
+    "unsubscriptable-object",
 ]
 
 [tool.pylint.MISCELLANEOUS]

src/macaron/build_spec_generator/common_spec/core.py

@@ -23,6 +23,7 @@
     lookup_latest_component,
 )
 from macaron.errors import GenerateBuildSpecError, QueryMacaronDatabaseError
+from macaron.json_tools import json_extract
 from macaron.slsa_analyzer.checks.build_tool_check import BuildToolFacts
 
 logger: logging.Logger = logging.getLogger(__name__)
@@ -122,7 +123,7 @@ def compose_shell_commands(cmds_sequence: list[list[str]]) -> str:
 
 def get_macaron_build_tools(
     build_tool_facts: Sequence[BuildToolFacts], target_language: str
-) -> dict[str, dict[str, str | None]] | None:
+) -> dict[str, dict[str, float | str | None]] | None:
     """
     Retrieve the Macaron build tool names for supported projects from the database facts.
 
@@ -142,21 +143,26 @@ def get_macaron_build_tools(
         The corresponding Macaron build tool name, config_path, confidence score, optional build tool version,
         and optional root config path if present.
     """
-    build_tools = {}
+    build_tools: dict[str, dict[str, float | str | None]] = {}
     for fact in build_tool_facts:
         if fact.language.lower() == target_language:
             try:
                 tool_name = MacaronBuildToolName(fact.build_tool_name).value
-                build_tool_info = {
+                current_confidence: float = float(fact.confidence)
+                build_tool_info: dict[str, float | str | None] = {
                     "build_config_path": fact.build_config_path,
-                    "confidence_score": fact.confidence,
+                    "confidence_score": current_confidence,
                     "build_tool_version": fact.build_tool_version,
                     "root_build_config_path": fact.root_build_config_path,
                 }
                 existing_build_tool_info = build_tools.get(tool_name)
+                existing_confidence = (
+                    existing_build_tool_info.get("confidence_score") if existing_build_tool_info is not None else None
+                )
                 if (
                     existing_build_tool_info is None
-                    or build_tool_info["confidence_score"] > existing_build_tool_info["confidence_score"]
+                    or not isinstance(existing_confidence, float)
+                    or current_confidence > existing_confidence
                 ):
                     build_tools[tool_name] = build_tool_info
             except ValueError:
@@ -166,7 +172,7 @@ def get_macaron_build_tools(
 
 def get_build_tools(
     component_id: int, session: sqlalchemy.orm.Session, target_language: str
-) -> dict[str, dict[str, float, str | None]] | None:
+) -> dict[str, dict[str, float | str | None]] | None:
     """Retrieve the Macaron build tool names for a given component.
 
     Queries the database for build tool facts associated with the specified component ID.
@@ -295,6 +301,36 @@ def get_language_version(
     return None
 
 
+def _build_spec_build_command(
+    build_tools: dict[str, dict[str, float | str | None]],
+    build_tool_name: str,
+    command: list[str],
+) -> SpecBuildCommandDict | None:
+    """Build a single SpecBuildCommandDict entry for a given build tool."""
+    build_config_path = json_extract(build_tools, [build_tool_name, "build_config_path"], str)
+    # build_config_path is a required field.
+    if build_config_path is None:
+        return None
+
+    root_build_config_path = json_extract(build_tools, [build_tool_name, "root_build_config_path"], str)
+    build_tool_version = json_extract(build_tools, [build_tool_name, "build_tool_version"], str)
+    confidence_score = json_extract(build_tools, [build_tool_name, "confidence_score"], float)
+    if confidence_score is None:
+        return None
+
+    build_spec = SpecBuildCommandDict(
+        build_tool=build_tool_name,
+        command=command,
+        build_config_path=build_config_path,
+        confidence_score=confidence_score,
+    )
+    if root_build_config_path is not None:
+        build_spec["root_build_config_path"] = root_build_config_path
+    if build_tool_version is not None:
+        build_spec["build_tool_version"] = build_tool_version
+    return build_spec
+
+
 def gen_generic_build_spec(
     purl: PackageURL,
     session: sqlalchemy.orm.Session,
@@ -384,30 +420,24 @@ def gen_generic_build_spec(
             db_build_command_info or "Cannot find any.",
         )
         lang_version = get_language_version(db_build_command_info) if db_build_command_info else ""
-        spec_build_commad_info_list.append(
-            SpecBuildCommandDict(
-                build_tool=db_build_command_info.build_tool_name,
-                command=db_build_command_info.command,
-                build_config_path=build_tools[db_build_command_info.build_tool_name]["build_config_path"],
-                root_build_config_path=build_tools[db_build_command_info.build_tool_name]["root_build_config_path"],
-                build_config_version=build_tools[db_build_command_info.build_tool_name]["build_tool_version"],
-                confidence_score=build_tools[db_build_command_info.build_tool_name]["confidence_score"],
-            )
+        build_spec_command = _build_spec_build_command(
+            build_tools=build_tools,
+            build_tool_name=db_build_command_info.build_tool_name,
+            command=db_build_command_info.command,
         )
+        if build_spec_command is not None:
+            spec_build_commad_info_list.append(build_spec_command)
 
     # If no build commands were found from the analyze phase, add default commands for the identified build tools.
     if not db_build_command_info_list:
         for build_tool_name in build_tool_names:
-            spec_build_commad_info_list.append(
-                SpecBuildCommandDict(
-                    build_tool=build_tool_name,
-                    command=[],
-                    build_config_path=build_tools[build_tool_name]["build_config_path"],
-                    root_build_config_path=build_tools[build_tool_name]["root_build_config_path"],
-                    build_config_version=build_tools[build_tool_name]["build_tool_version"],
-                    confidence_score=build_tools[build_tool_name]["confidence_score"],
-                )
+            build_spec_command = _build_spec_build_command(
+                build_tools=build_tools,
+                build_tool_name=build_tool_name,
+                command=[],
             )
+            if build_spec_command is not None:
+                spec_build_commad_info_list.append(build_spec_command)
 
     base_build_spec_dict = BaseBuildSpecDict(
         {

src/macaron/build_spec_generator/common_spec/maven_spec.py

@@ -96,7 +96,7 @@ def resolve_fields(self, purl: PackageURL) -> None:
 
         # Resolve and patch build commands.
         for build_cmd_spec in self.data["build_commands"]:
-            if build_cmd_spec["command"] == None:
+            if not build_cmd_spec["command"]:
                 self.set_default_build_commands(build_cmd_spec)
 
         for build_command_info in self.data["build_commands"]:

src/macaron/build_spec_generator/common_spec/pypi_spec.py

@@ -62,7 +62,7 @@ def set_default_build_commands(
                 # "python -m flit.tomlify"
                 build_cmd_spec["command"] = "flit build".split()
             case "hatch":
-                build_cmd_spec["command"] = command = "hatch build".split()
+                build_cmd_spec["command"] = "hatch build".split()
             case _:
                 logger.debug(
                     "There is no default build command available for the build tools %s.",
@@ -92,7 +92,6 @@ def resolve_fields(self, purl: PackageURL) -> None:
 
         upstream_artifacts: dict[str, list[str]] = {}
         pypi_package_json = pypi_registry.find_or_create_pypi_asset(purl.name, purl.version, registry_info)
-        patched_build_commands: list[SpecBuildCommandDict] = []
         build_backends_set: set[str] = set()
         parsed_build_requires: dict[str, str] = {}
         sdist_build_requires: dict[str, str] = {}
@@ -257,6 +256,8 @@ def resolve_fields(self, purl: PackageURL) -> None:
         if not self.data["has_binaries"]:
             for build_cmd_spec in self.data["build_commands"]:
                 self.set_default_build_commands(build_cmd_spec)
+        else:
+            self.data["build_commands"] = []
         self.data["upstream_artifacts"] = upstream_artifacts
 
     def add_parsed_requirement(self, build_requirements: dict[str, str], requirement: str) -> None:

src/macaron/build_spec_generator/reproducible_central/reproducible_central.py

@@ -88,10 +88,13 @@ def gen_reproducible_central_build_spec(build_spec: BaseBuildSpecDict) -> str |
     # Add -Dmaven.test.skip for Maven builds.
     # TODO: Use the build tool associated with the build command once
     # https://github.com/oracle/macaron/issues/1300 is closed.
-    adapted_build_commands = [
-        cmd[:1] + ["-Dmaven.test.skip=true"] + cmd[1:] if ReproducibleCentralBuildTool.MAVEN in cmd[0] else cmd
-        for cmd in build_spec["build_commands"]
-    ]
+    adapted_build_commands: list[list[str]] = []
+    for build_command in build_spec["build_commands"]:
+        command = build_command["command"]
+        if command and ReproducibleCentralBuildTool.MAVEN.value in command[0]:
+            adapted_build_commands.append(command[:1] + ["-Dmaven.test.skip=true"] + command[1:])
+        else:
+            adapted_build_commands.append(command)
 
     template_format_values: dict[str, str] = {
         "macaron_version": importlib_metadata.version("macaron"),
@@ -104,9 +107,7 @@ def gen_reproducible_central_build_spec(build_spec: BaseBuildSpecDict) -> str |
         "newline": build_spec["newline"],
         "buildinfo": f"target/{build_spec['artifact_id']}-{build_spec['version']}.buildinfo",
         "jdk": build_spec["language_version"][0],
-        "command": compose_shell_commands(
-            [b_info["command"] for b_info in adapted_build_commands["build_commands"] if b_info["command"]]
-        ),
+        "command": compose_shell_commands([command for command in adapted_build_commands if command]),
     }
 
     return STRING_TEMPLATE.format_map(template_format_values)

src/macaron/parsers/pomparser.py

@@ -79,7 +79,7 @@ def extract_gav_from_pom(pom_file: Path) -> tuple[str | None, str | None, str |
         logger.debug("Could not parse pom.xml: %s", str(pom_file))
         return None, None, None
 
-    def _find_child_text(parent, local_name: str) -> str | None:
+    def _find_child_text(parent: Element, local_name: str) -> str | None:
         # The closing curly brace represents the end of the XML namespace.
         elem = next((ch for ch in parent if ch.tag.endswith("}" + local_name)), None)
         if elem is None or not elem.text:
@@ -146,7 +146,7 @@ def detect_parent_pom(pom_path: Path, repo_root: str | Path) -> str | None:
     if pom_root is None:
         return None
 
-    def _find_child(elem, local_name: str):
+    def _find_child(elem: Element, local_name: str) -> Element | None:
         return next((ch for ch in elem if ch.tag.endswith("}" + local_name)), None)
 
     parent_elem = _find_child(pom_root, "parent")
@@ -200,18 +200,14 @@ def pom_has_modules(pom_path: Path) -> bool:
     if pom_root is None:
         return False
 
-    def _find_child(elem, local_name: str):
+    def _find_child(elem: Element, local_name: str) -> Element | None:
         return next((ch for ch in elem if ch.tag.endswith("}" + local_name)), None)
 
     modules_elem = _find_child(pom_root, "modules")
     if modules_elem is None:
         return False
 
-    for ch in modules_elem:
-        if ch.tag.endswith("}module") and ch.text and ch.text.strip():
-            return True
-
-    return False
+    return any(ch.tag.endswith("}module") and ch.text and ch.text.strip() for ch in modules_elem)
 
 
 def find_nearest_modules_pom(

src/macaron/slsa_analyzer/analyzer.py

@@ -1050,8 +1050,6 @@ def _determine_build_tools(self, analyze_ctx: AnalyzeContext, git_service: BaseG
                 continue
 
             if build_tool.match_purl_type(analyze_ctx.component.type):
-                if build_tool.name not in ["pip", "maven", "hatch", "gradle"]:
-                    continue
                 logger.info(
                     "Checking if the repo %s uses build tool %s",
                     analyze_ctx.component.repository.complete_name,

src/macaron/slsa_analyzer/build_tool/base_build_tool.py

@@ -95,8 +95,7 @@ def file_exists(
     path: str,
     file_name: str,
     filters: list[str] | None = None,
-    predicate: Callable[[Path, Any], bool] | None = None,
-    *predicate_args: Any,
+    predicate: Callable[..., bool] | None = None,
     **predicate_kwargs: Any,
 ) -> Path | None:
     """Search recursively for the first matching file, optionally validating it with a predicate.
@@ -119,9 +118,7 @@ def file_exists(
         Optional callable used to validate a matched file. If provided, a file is
         accepted only if ``predicate(candidate_path, *predicate_args, **predicate_kwargs)``
         returns ``True``.
-    *predicate_args : Any
-        Positional arguments forwarded to `predicate`.
-    **predicate_kwargs : Any
+    predicate_kwargs : Any
         Keyword arguments forwarded to `predicate`.
 
     Returns
@@ -136,7 +133,7 @@ def file_exists(
     root_dir = Path(path)
 
     def _accepted(p: Path) -> bool:
-        return True if predicate is None else bool(predicate(p, *predicate_args, **predicate_kwargs))
+        return True if predicate is None else bool(predicate(p, **predicate_kwargs))
 
     # Check for file directly at root.
     if target_path := find_first_matching_file(root_dir, file_name):

src/macaron/slsa_analyzer/build_tool/conda.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2025 - 2025, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2025 - 2026, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module contains the Conda class which inherits BaseBuildTool.
@@ -66,7 +66,13 @@ def is_detected(
             Tuples of ``(config_path, confidence_score, build_tool_version, parent_pom)``,
             where paths are relative to `repo_path` and `parent_pom` may be ``None``.
         """
-        return any(file_exists(repo_path, file, filters=self.path_filters) for file in self.build_configs)
+        results: list[tuple[str, float, str | None, str | None]] = []
+        confidence_score = 1.0
+        for config_name in self.build_configs:
+            if config_path := file_exists(repo_path, config_name, filters=self.path_filters):
+                results.append((str(config_path.relative_to(repo_path)), confidence_score, None, None))
+                confidence_score = confidence_score / 2
+        return results
 
     def get_dep_analyzer(self) -> DependencyAnalyzer:
         """Create a DependencyAnalyzer for the build tool.

src/macaron/slsa_analyzer/build_tool/docker.py

@@ -1,4 +1,4 @@
-# Copyright (c) 2023 - 2025, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2023 - 2026, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
 
 """This module contains the Docker class which inherits BaseBuildTool.
@@ -55,4 +55,10 @@ def is_detected(
             Tuples of ``(config_path, confidence_score, build_tool_version, parent_pom)``,
             where paths are relative to `repo_path` and `parent_pom` may be ``None``.
         """
-        return any(file_exists(repo_path, file, filters=self.path_filters) for file in self.build_configs)
+        results: list[tuple[str, float, str | None, str | None]] = []
+        confidence_score = 1.0
+        for config_name in self.build_configs:
+            if config_path := file_exists(repo_path, config_name, filters=self.path_filters):
+                results.append((str(config_path.relative_to(repo_path)), confidence_score, None, None))
+                confidence_score = confidence_score / 2
+        return results