Refine the DiscoveredDependency.create_from_data method #1145

Signed-off-by: tdruez <tdruez@nexb.com>

Author: tdruez

scanpipe/models.py

@@ -3777,6 +3777,12 @@ def create_from_data(
         Create and returns a DiscoveredDependency for a `project` from the
         `dependency_data`.
 
+        The `for_package` and `resolved_to_package` FK can be provided as args or
+        in the dependency_data providing the `for_package_uid` and
+        `resolve_to_package_uid`.
+        Note that a dependency without a `for_package` FK is a project dependency and
+        a dependency without a `resolve_to_package` is unresolved.
+
         If `strip_datafile_path_root` is True, then `create_from_data()` will
         strip the root path segment from the `datafile_path` of
         `dependency_data` before looking up the corresponding CodebaseResource
@@ -3792,11 +3798,13 @@ def create_from_data(
 
         for_package_uid = dependency_data.get("for_package_uid")
         if not for_package and for_package_uid:
-            for_package = project_packages_qs.get(package_uid=for_package_uid)
+            for_package = project_packages_qs.get_or_none(package_uid=for_package_uid)
 
-        resolved_to_uid = dependency_data.get("resolved_to_uid")
-        if not resolved_to_package and resolved_to_uid:
-            resolved_to_package = project_packages_qs.get(package_uid=resolved_to_uid)
+        resolve_to_package_uid = dependency_data.get("resolve_to_package_uid")
+        if not resolved_to_package and resolve_to_package_uid:
+            resolved_to_package = project_packages_qs.get_or_none(
+                package_uid=resolve_to_package_uid
+            )
 
         datafile_path = dependency_data.get("datafile_path")
         if not datafile_resource and datafile_path:

scanpipe/tests/test_models.py

@@ -2704,10 +2704,11 @@ def test_scanpipe_discovered_package_model_create_from_data_missing_type(self):
     def test_scanpipe_discovered_dependency_model_create_from_data(self):
         project1 = Project.objects.create(name="Analysis")
 
-        DiscoveredPackage.create_from_data(project1, package_data1)
+        package1 = DiscoveredPackage.create_from_data(project1, package_data1)
         CodebaseResource.objects.create(
             project=project1, path="daglib-0.3.2.tar.gz-extract/daglib-0.3.2/PKG-INFO"
         )
+        # Unresolved dependency
         dependency = DiscoveredDependency.create_from_data(
             project1, dependency_data1, strip_datafile_path_root=False
         )
@@ -2731,6 +2732,17 @@ def test_scanpipe_discovered_dependency_model_create_from_data(self):
             dependency.datafile_path,
         )
         self.assertEqual("pypi_sdist_pkginfo", dependency.datasource_id)
+        self.assertFalse(dependency.is_project_dependency)
+        self.assertTrue(dependency.is_for_package)
+        self.assertFalse(dependency.is_resolved_to_package)
+
+        # Resolved project dependency, resolved_to_package provided as arg
+        dependency2 = DiscoveredDependency.create_from_data(
+            project1, dependency_data={}, resolved_to_package=package1
+        )
+        self.assertTrue(dependency2.is_project_dependency)
+        self.assertFalse(dependency2.is_for_package)
+        self.assertTrue(dependency2.is_resolved_to_package)
 
     def test_scanpipe_discovered_package_model_unique_package_uid_in_project(self):
         project1 = Project.objects.create(name="Analysis")