ci: replace verification repository (#45)

.github/workflows/snapshot-publish.yml

@@ -0,0 +1,49 @@
+name: Publish snapshot of test scan
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Setup .NET Core
+        uses: actions/[email protected]
+        with:
+          dotnet-version: 3.1.x
+
+      - run: dotnet restore
+
+      - name: Install Apache Ivy
+        if: ${{ matrix.os == 'ubuntu-latest' }}
+        run: curl https://archive.apache.org/dist/ant/ivy/2.5.0/apache-ivy-2.5.0-bin.tar.gz | tar xOz apache-ivy-2.5.0/ivy-2.5.0.jar > /usr/share/ant/lib/ivy.jar
+
+      - name: Install Apache Ivy
+        if: ${{ matrix.os == 'windows-latest' }}
+        run: choco install ivy
+
+      - name: Install Apache Ivy
+        if: ${{ matrix.os == 'macos-latest' }}
+        run: brew install ivy
+
+      - name: Make output directory
+        run: mkdir ${{ github.workspace }}/output
+
+      - name: Scan verification repo
+        working-directory: src/Microsoft.ComponentDetection
+        run: dotnet run scan --Verbosity Verbose --SourceDirectory ${{ github.workspace }}/test/Microsoft.ComponentDetection.VerificationTests/resources --Output ${{ github.workspace }}/output
+
+      - name: Upload output folder
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-snapshot-output-${{ matrix.os }}
+          path: ${{ github.workspace }}/output

.github/workflows/snapshot-verify.yml

@@ -0,0 +1,82 @@
+name: Verify snapshot of test scan
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  verify:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
+    steps:
+      - uses: actions/[email protected]
+
+      - name: Make release snapshot output directory
+        run: mkdir ${{ github.workspace }}/release-output
+
+      - name: Get latest release snapshot download url
+        id: download-latest-release-snapshot
+        uses: actions/[email protected]
+        with:
+          result-encoding: string
+          script: |
+            const res = await github.paginate(
+              github.rest.actions.listArtifactsForRepo.endpoint.merge({
+                owner: 'microsoft',
+                repo: 'component-detection',
+              })
+            );
+
+            return res
+              .filter(
+                (artifact) => artifact.name === 'release-snapshot-output-${{ matrix.os }}'
+              )
+              .sort((a, b) => new Date(b.updated_at) - new Date(a.updated_at))[0]
+              .archive_download_url;
+
+      - name: Download latest release snapshot
+        working-directory: ${{ github.workspace }}/release-output
+        run: |
+          curl -v -L -u octocat:${{ secrets.GITHUB_TOKEN }} -o output.zip "${{ steps.download-latest-release-snapshot.outputs.result }}"
+          unzip output.zip
+          rm output.zip
+
+      - name: Setup .NET Core
+        uses: actions/[email protected]
+        with:
+          dotnet-version: 3.1.x
+
+      - run: dotnet restore
+
+      - name: Install Apache Ivy
+        if: ${{ matrix.os == 'ubuntu-latest' }}
+        run: curl https://archive.apache.org/dist/ant/ivy/2.5.0/apache-ivy-2.5.0-bin.tar.gz | tar xOz apache-ivy-2.5.0/ivy-2.5.0.jar > /usr/share/ant/lib/ivy.jar
+
+      - name: Install Apache Ivy
+        if: ${{ matrix.os == 'windows-latest' }}
+        run: choco install ivy
+
+      - name: Install Apache Ivy
+        if: ${{ matrix.os == 'macos-latest' }}
+        run: brew install ivy
+
+      - name: Make output directory
+        run: mkdir ${{ github.workspace }}/output
+
+      - name: Scan verification repo
+        working-directory: src/Microsoft.ComponentDetection
+        run: dotnet run scan --Verbosity Verbose --SourceDirectory ${{ github.workspace }}/test/Microsoft.ComponentDetection.VerificationTests/resources --Output ${{ github.workspace }}/output
+
+      - name: Run Verification Tests
+        working-directory: test/Microsoft.ComponentDetection.VerificationTests
+        run: dotnet test
+        env:
+          OFFICIAL_BUILD: 'True'
+          GITHUB_OLD_ARTIFACTS_DIR: ${{ github.workspace }}/release-output
+          GITHUB_NEW_ARTIFACTS_DIR: ${{ github.workspace }}/output
+          ALLOWED_TIME_DRIFT_RATIO: '.75'

docs/creating-a-new-detector.md

@@ -117,7 +117,7 @@ It is expected that once `OnFileFound` completes, the `SingleFileComponentRecord
 
 ## Create Detector Tests
 
-We have two kind of tests for our detectors, unit tests and pre-production tests that verify complete graph outputs across 2 scan runs over an identical set of files (this set of files can be found over at https://github.com/microsoft/componentdetection-verification). In this section we are going to discuss how to add a unit test for your detector.
+We have two kind of tests for our detectors, unit tests and pre-production tests that verify complete graph outputs across 2 scan runs over an identical set of files (this set of files can be found over in `test/Microsoft.ComponentDetection.VerificationTests/resources/`). In this section we are going to discuss how to add a unit test for your detector.
 
 Detectors' unit tests are in the project _MS.VS.Services.Governance.CD.Detectors.L0.Tests_, to create a new test for your detector you just need to create a new test class inside this project.
 We recommend to test just one unique scenario in each test, avoid creating dependent tests. Since a detector depends on the content of the file to extract the components, we recommend using the minimum amount of file's sections that are needed to test your scenario. In order to reduce boilerplate, typically around configuring file locations, in our testing code we created a `DetectorTestUtility`.
@@ -128,7 +128,7 @@ From the example above you can see each test is initialized with a new `Detector
 
 ## How to run/debug your detector
 
-```
+```sh
 dotnet run --project "[YOUR REPO PATH]\src\Microsoft.ComponentDetection\Microsoft.ComponentDetection.csproj" scan
 --Verbosity Verbose
 --SourceDirectory [PATH TO THE REPO TO SCAN]
@@ -139,4 +139,6 @@ dotnet run --project "[YOUR REPO PATH]\src\Microsoft.ComponentDetection\Microsof
 
 ## How to setup E2E Verification Test
 
-The final step of the contribution to detectors is to setup its end to end verification tests. Please follow [these contributing guidelines](https://github.com/microsoft/componentdetection-verification/blob/main/CONTRIBUTING.md#contributing-a-new-project) from componentdetection-verification. As a good practice you should include the link to the verification test PR in the description of the pull request that contains the detector code.
+The final step of the contribution to detectors is to setup its end to end verification tests. These are located under the `test/Microsoft.ComponentDetection.VerificationTests/resources` directory.
+
+Each directory under the `resources` directory is related to an ecosystem that Component Detection can scan. Inside each ecosystem directory there are one or more projects, each in their own directory. Each project should fully exercise the detector's capabilities.

test/Microsoft.ComponentDetection.VerificationTests/resources/cocoapods/simple/Podfile

@@ -0,0 +1,3 @@
+target 'component-detection' do
+  pod 'Alamofire', '~> 5.4.4'
+end

test/Microsoft.ComponentDetection.VerificationTests/resources/cocoapods/simple/Podfile.lock

@@ -0,0 +1,16 @@
+PODS:
+  - Alamofire (5.4.4)
+
+DEPENDENCIES:
+  - Alamofire (~> 5.4.4)
+
+SPEC REPOS:
+  trunk:
+    - Alamofire
+
+SPEC CHECKSUMS:
+  Alamofire: f3b09a368f1582ab751b3fff5460276e0d2cf5c9
+
+PODFILE CHECKSUM: 4d0cb2c924af9fe33785bbff254ff8cff17b7994
+
+COCOAPODS: 1.11.2

test/Microsoft.ComponentDetection.VerificationTests/resources/cocoapods/tree/Podfile

@@ -0,0 +1,20 @@
+target 'cmponent-detection' do
+   pod 'Alamofire', '~> 5.2'
+   pod 'base64url'
+   pod 'CryptoSwift', '~> 1.0'
+   pod 'DeviceKit', '~> 3'
+   pod 'IQKeyboardManagerSwift', '~> 3'
+   pod 'JGProgressHUD'
+   pod 'LicensesViewController', '~> 0.9.0'
+   pod 'MaterialComponents/TextFields'
+   pod 'Mocker', '~> 2.2.0'
+   pod 'PhoneNumberKit', '~> 3.3'
+   pod 'RealmSwift'
+   pod 'RxAppState'
+   pod 'RxSwift'
+   pod 'SimpleCheckbox'
+   pod 'SwiftBase32'
+   pod 'SwiftGen', '~> 6.0'
+   pod 'TTTAttributedLabel'
+   pod 'Validator'
+end

test/Microsoft.ComponentDetection.VerificationTests/resources/go/go.mod

@@ -0,0 +1,7 @@
+module github.com/microsoft/component-detection
+
+go 1.17
+
+require github.com/sirupsen/logrus v1.8.1
+
+require golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 // indirect

test/Microsoft.ComponentDetection.VerificationTests/resources/go/go.sum

@@ -0,0 +1,10 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=