chore: migrate to @trustify-da js client library (#848)

Author: Strum355

CHANGELOG.md

@@ -28,11 +28,11 @@
 - Fixed an issue with file diagnostics not triggering on `package.json` files when associated with the `jsonc` language ID. See [PR#759](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/759) for details.
 - Fixed a parsing issue that was causing version numbers to be considered floating
 point numbers. As a consequence version `1.80` was considered `1.8` and causing
-false positives. See [PR#221](https://github.com/trustification/exhort-javascript-api/pull/221) for details.
-- Fixed issue with ignoring Maven dependencies with version defined in properties. See [PR#219](https://github.com/trustification/exhort-javascript-api/pull/219) for details.
-- Do not generate package-lock file for non npm projects. See [PR#151](https://github.com/trustification/exhort-javascript-api/pull/151) for details.
-- Fix self-adding of npm workspace to package.json. See [PR#189](https://github.com/trustification/exhort-javascript-api/pull/189) for details.
-- Fix problem with Gradle projects including missing dependencies that were causing false positives. See [PR#225](https://github.com/trustification/exhort-javascript-api/pull/225) for details.
+false positives. See [PR#221](https://github.com/guacsec/trustify-da-javascript-client/pull/221) for details.
+- Fixed issue with ignoring Maven dependencies with version defined in properties. See [PR#219](https://github.com/guacsec/trustify-da-javascript-client/pull/219) for details.
+- Do not generate package-lock file for non npm projects. See [PR#151](https://github.com/guacsec/trustify-da-javascript-client/pull/151) for details.
+- Fix self-adding of npm workspace to package.json. See [PR#189](https://github.com/guacsec/trustify-da-javascript-client/pull/189) for details.
+- Fix problem with Gradle projects including missing dependencies that were causing false positives. See [PR#225](https://github.com/guacsec/trustify-da-javascript-client/pull/225) for details.
 
 ### Enhancements
 - Built-in Open Container Initiative (OCI) image analysis. Red Hat Dependency Analytics no longer uses the Exhort Java API. See [PR#772](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/772) for details.
@@ -41,8 +41,8 @@ false positives. See [PR#221](https://github.com/trustification/exhort-javascrip
 - Added support for the `pnpm` package manager. See [Issue#765](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/issues/765) for details.
 - Added debug logging output for Red Hat Dependency Analytics reports. See [PR#761](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/761) for details.
 - Added support for configuring Maven wrapper usage. See [PR#757](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/757) for details.
-- Improve error messages for package manager invocations. See [PR#159](https://github.com/trustification/exhort-javascript-api/pull/159), [PR#183](https://github.com/trustification/exhort-javascript-api/pull/183), [PR#185](https://github.com/trustification/exhort-javascript-api/pull/185) for details.
-- Support node version managers FNM and NVM. See [PR#206](https://github.com/trustification/exhort-javascript-api/pull/206) for details.
+- Improve error messages for package manager invocations. See [PR#159](https://github.com/guacsec/trustify-da-javascript-client/pull/159), [PR#183](https://github.com/guacsec/trustify-da-javascript-client/pull/183), [PR#185](https://github.com/guacsec/trustify-da-javascript-client/pull/185) for details.
+- Support node version managers FNM and NVM. See [PR#206](https://github.com/guacsec/trustify-da-javascript-client/pull/206) for details.
 
 ### Chores
 - `axios` updated from 1.7.2 to 1.9.0. See [PR#763](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/763) for details.
@@ -80,9 +80,9 @@ false positives. See [PR#221](https://github.com/trustification/exhort-javascrip
 - enhancement - Added a vulnerability severity alert level setting for the user to receive inline notifications for just errors or warnings. See [PR#674](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/674) for details.
 - fixes - Fixed an issue with the `codeActionsMap` call. When multiple manifest documents are open that have the same dependency, one of the document entries gets deleted. This gave a wrong result in the analysis. See [PR#236](https://github.com/fabric8-analytics/fabric8-analytics-lsp-server/pull/236) for details.
 - fixes - Fixed an issue in the Exhort Javascript API. This fix enables and supports analysis of `pom.xml` manifests that include local modules, and a parent Project Object Model (POM). See the [PR#237](https://github.com/fabric8-analytics/fabric8-analytics-lsp-server/pull/237) for details.
-- fixes - Fixed an issue with the analysis report not displaying because of spaces in the manifest file path. See [PR#100](https://github.com/trustification/exhort-javascript-api/pull/100) for details.
+- fixes - Fixed an issue with the analysis report not displaying because of spaces in the manifest file path. See [PR#100](https://github.com/guacsec/trustify-da-javascript-client/pull/100) for details.
 ## 0.9.1 (Dec 24th 2023)
-- fixes - Resolved endpoint configuration issue by removing EXHORT_DEV_MODE environment configuration parameter. See [PR#672](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/672) for details.
+- fixes - Resolved endpoint configuration issue by removing TRUSTIFY_DA_DEV_MODE environment configuration parameter. See [PR#672](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/672) for details.
 ## 0.9.0 (Dec 21th 2023)
 - informational - Service Preview release of Red Hat Dependency Analytics (RHDA) extension.
 - informational - Configuration names for all supported executable paths in the extension settings have changed. These executable paths are only used for the analysis.

README.md

@@ -350,7 +350,7 @@ Specify glob patterns for manifests to be ignored for background analysis e.g. `
 	This setting applies to Python and Go environments.
 
 	<br >An alternative workaround exists for Python environments only.
-	The user can start Visual Studio Code with the [`EXHORT_PYTHON_VIRTUAL_ENV`](https://github.com/RHEcosystemAppEng/exhort-javascript-api#:~:text=EXHORT_PYTHON_VIRTUAL_ENV) variable set to `true`.
+	The user can start Visual Studio Code with the [`TRUSTIFY_DA_PYTHON_VIRTUAL_ENV`](https://github.com/RHEcosystemAppEng/exhort-javascript-api#:~:text=TRUSTIFY_DA_PYTHON_VIRTUAL_ENV) variable set to `true`.
 	Doing this allows Red Hat Dependency Analytics to install Python packages into a virtual environment to perform the analysis.
 	The benefit is having a clean Python environment not influenced by earlier installations, but the downside is a significantly slower analysis process.
 

package-lock.json

@@ -427,8 +427,8 @@
   },
   "dependencies": {
     "@redhat-developer/vscode-redhat-telemetry": "^0.8.0",
-    "@trustification/exhort-api-spec": "^1.0.18",
-    "@trustification/exhort-javascript-api": "^0.2.4-ea.9",
+    "@trustify-da/trustify-da-api-model": "^2.0.1",
+    "@trustify-da/trustify-da-javascript-client": "^0.2.4-ea.96817e4",
     "@xml-tools/ast": "^5.0.5",
     "@xml-tools/parser": "^1.0.11",
     "cli-table3": "^0.6.5",

package.json

@@ -175,30 +175,30 @@ class Config {
     process.env['VSCEXT_ENABLE_PYTHON_BEST_EFFORTS_INSTALLATION'] = this.enablePythonBestEffortsInstallation;
     process.env['VSCEXT_USE_PIP_DEP_TREE'] = this.usePipDepTree;
     process.env['VSCEXT_VULNERABILITY_ALERT_SEVERITY'] = this.vulnerabilityAlertSeverity;
-    process.env['VSCEXT_EXHORT_MVN_PATH'] = this.exhortMvnPath;
-    process.env['VSCEXT_EXHORT_PREFER_MVNW'] = this.exhortPreferMvnw;
-    process.env['VSCEXT_EXHORT_MVN_ARGS'] = this.exhortMvnArgs;
-    process.env['VSCEXT_EXHORT_GRADLE_PATH'] = this.exhortGradlePath;
-    process.env['VSCEXT_EXHORT_PREFER_GRADLEW'] = this.exhortPreferGradlew;
-    process.env['VSCEXT_EXHORT_NPM_PATH'] = this.exhortNpmPath;
-    process.env['VSCEXT_EXHORT_YARN_PATH'] = this.exhortYarnPath;
-    process.env['VSCEXT_EXHORT_PNPM_PATH'] = this.exhortPnpmPath;
-    process.env['VSCEXT_EXHORT_GO_PATH'] = this.exhortGoPath;
-    process.env['VSCEXT_EXHORT_PYTHON3_PATH'] = this.exhortPython3Path;
-    process.env['VSCEXT_EXHORT_PIP3_PATH'] = this.exhortPip3Path;
-    process.env['VSCEXT_EXHORT_PYTHON_PATH'] = this.exhortPythonPath;
-    process.env['VSCEXT_EXHORT_PIP_PATH'] = this.exhortPipPath;
+    process.env['VSCEXT_TRUSTIFY_DA_MVN_PATH'] = this.exhortMvnPath;
+    process.env['VSCEXT_TRUSTIFY_DA_PREFER_MVNW'] = this.exhortPreferMvnw;
+    process.env['VSCEXT_TRUSTIFY_DA_MVN_ARGS'] = this.exhortMvnArgs;
+    process.env['VSCEXT_TRUSTIFY_DA_GRADLE_PATH'] = this.exhortGradlePath;
+    process.env['VSCEXT_TRUSTIFY_DA_PREFER_GRADLEW'] = this.exhortPreferGradlew;
+    process.env['VSCEXT_TRUSTIFY_DA_NPM_PATH'] = this.exhortNpmPath;
+    process.env['VSCEXT_TRUSTIFY_DA_YARN_PATH'] = this.exhortYarnPath;
+    process.env['VSCEXT_TRUSTIFY_DA_PNPM_PATH'] = this.exhortPnpmPath;
+    process.env['VSCEXT_TRUSTIFY_DA_GO_PATH'] = this.exhortGoPath;
+    process.env['VSCEXT_TRUSTIFY_DA_PYTHON3_PATH'] = this.exhortPython3Path;
+    process.env['VSCEXT_TRUSTIFY_DA_PIP3_PATH'] = this.exhortPip3Path;
+    process.env['VSCEXT_TRUSTIFY_DA_PYTHON_PATH'] = this.exhortPythonPath;
+    process.env['VSCEXT_TRUSTIFY_DA_PIP_PATH'] = this.exhortPipPath;
     process.env['VSCEXT_TELEMETRY_ID'] = this.telemetryId;
-    process.env['VSCEXT_EXHORT_SYFT_PATH'] = this.exhortSyftPath;
-    process.env['VSCEXT_EXHORT_SYFT_CONFIG_PATH'] = this.exhortSyftConfigPath;
-    process.env['VSCEXT_EXHORT_SKOPEO_PATH'] = this.exhortSkopeoPath;
-    process.env['VSCEXT_EXHORT_SKOPEO_CONFIG_PATH'] = this.exhortSkopeoConfigPath;
-    process.env['VSCEXT_EXHORT_DOCKER_PATH'] = this.exhortDockerPath;
-    process.env['VSCEXT_EXHORT_PODMAN_PATH'] = this.exhortPodmanPath;
-    process.env['VSCEXT_EXHORT_IMAGE_PLATFORM'] = this.exhortImagePlatform;
+    process.env['VSCEXT_TRUSTIFY_DA_SYFT_PATH'] = this.exhortSyftPath;
+    process.env['VSCEXT_TRUSTIFY_DA_SYFT_CONFIG_PATH'] = this.exhortSyftConfigPath;
+    process.env['VSCEXT_TRUSTIFY_DA_SKOPEO_PATH'] = this.exhortSkopeoPath;
+    process.env['VSCEXT_TRUSTIFY_DA_SKOPEO_CONFIG_PATH'] = this.exhortSkopeoConfigPath;
+    process.env['VSCEXT_TRUSTIFY_DA_DOCKER_PATH'] = this.exhortDockerPath;
+    process.env['VSCEXT_TRUSTIFY_DA_PODMAN_PATH'] = this.exhortPodmanPath;
+    process.env['VSCEXT_TRUSTIFY_DA_IMAGE_PLATFORM'] = this.exhortImagePlatform;
 
     // const token = await this.getSnykToken();
-    // process.env['VSCEXT_EXHORT_SNYK_TOKEN'] = token;
+    // process.env['VSCEXT_TRUSTIFY_DA_SNYK_TOKEN'] = token;
   }
 
   /**

src/config.ts

@@ -30,7 +30,7 @@ export enum Titles {
 }
 
 export const settingNameMappings: { [key: string]: string } = {
-  'EXHORT_PYTHON_VIRTUAL_ENV': 'Use Python Virtual Environment'
+  'TRUSTIFY_DA_PYTHON_VIRTUAL_ENV': 'Use Python Virtual Environment'
 };
 
 // Refer `name` from package.json

src/constants.ts

@@ -4,16 +4,16 @@
  * ------------------------------------------------------------------------------------------ */
 'use strict';
 
-import exhort, { Options } from '@trustification/exhort-javascript-api';
-import { AnalysisReport } from '@trustification/exhort-api-spec/model/v4/AnalysisReport';
+import exhort, { Options } from '@trustify-da/trustify-da-javascript-client';
 
 import { isDefined } from '../utils';
 import { IDependencyProvider } from '../dependencyAnalysis/collector';
 import { Uri } from 'vscode';
 import { notifications, outputChannelDep } from '../extension';
-import { Source } from '@trustification/exhort-api-spec/model/v4/Source';
-import { DependencyReport } from '@trustification/exhort-api-spec/model/v4/DependencyReport';
-import { Issue } from '@trustification/exhort-api-spec/model/v4/Issue';
+import { AnalysisReport } from '@trustify-da/trustify-da-api-model/model/v5/AnalysisReport';
+import { Source } from '@trustify-da/trustify-da-api-model/model/v5/Source';
+import { DependencyReport } from '@trustify-da/trustify-da-api-model/model/v5/DependencyReport';
+import { Issue } from '@trustify-da/trustify-da-api-model/model/v5/Issue';
 
 /**
  * Represents a source object with an ID and dependencies array.

src/dependencyAnalysis/analysis.ts

@@ -15,7 +15,7 @@ import { AbstractDiagnosticsPipeline } from '../diagnosticsPipeline';
 import { Diagnostic, DiagnosticSeverity, Uri } from 'vscode';
 import { notifications, outputChannelDep } from '../extension';
 import { globalConfig } from '../config';
-import { Options } from '@trustification/exhort-javascript-api';
+import { Options } from '@trustify-da/trustify-da-javascript-client';
 
 /**
  * Implementation of DiagnosticsPipeline interface.
@@ -100,26 +100,26 @@ async function performDiagnostics(diagnosticFilePath: Uri, contents: string, pro
   try {
     // Define configuration options for the component analysis request
     const options: Options = {
-      'RHDA_TOKEN': globalConfig.telemetryId,
-      'RHDA_SOURCE': globalConfig.utmSource,
+      'TRUSTIFY_DA_TOKEN': globalConfig.telemetryId,
+      'TRUSTIFY_DA_SOURCE': globalConfig.utmSource,
       'MATCH_MANIFEST_VERSIONS': globalConfig.matchManifestVersions,
-      'EXHORT_PROXY_URL': globalConfig.exhortProxyUrl,
-      'EXHORT_PYTHON_VIRTUAL_ENV': globalConfig.usePythonVirtualEnvironment,
-      'EXHORT_GO_MVS_LOGIC_ENABLED': globalConfig.useGoMVS,
-      'EXHORT_PYTHON_INSTALL_BEST_EFFORTS': globalConfig.enablePythonBestEffortsInstallation,
-      'EXHORT_PIP_USE_DEP_TREE': globalConfig.usePipDepTree,
-      'EXHORT_MVN_PATH': globalConfig.exhortMvnPath,
-      'EXHORT_PREFER_MVNW': globalConfig.exhortPreferMvnw,
-      'EXHORT_MVN_ARGS': globalConfig.exhortMvnArgs,
-      'EXHORT_GRADLE_PATH': globalConfig.exhortGradlePath,
-      'EXHORT_NPM_PATH': globalConfig.exhortNpmPath,
-      'EXHORT_YARN_PATH': globalConfig.exhortYarnPath,
-      'EXHORT_PNPM_PATH': globalConfig.exhortPnpmPath,
-      'EXHORT_GO_PATH': globalConfig.exhortGoPath,
-      'EXHORT_PYTHON3_PATH': globalConfig.exhortPython3Path,
-      'EXHORT_PIP3_PATH': globalConfig.exhortPip3Path,
-      'EXHORT_PYTHON_PATH': globalConfig.exhortPythonPath,
-      'EXHORT_PIP_PATH': globalConfig.exhortPipPath
+      'TRUSTIFY_DA_PROXY_URL': globalConfig.exhortProxyUrl,
+      'TRUSTIFY_DA_PYTHON_VIRTUAL_ENV': globalConfig.usePythonVirtualEnvironment,
+      'TRUSTIFY_DA_GO_MVS_LOGIC_ENABLED': globalConfig.useGoMVS,
+      'TRUSTIFY_DA_PYTHON_INSTALL_BEST_EFFORTS': globalConfig.enablePythonBestEffortsInstallation,
+      'TRUSTIFY_DA_PIP_USE_DEP_TREE': globalConfig.usePipDepTree,
+      'TRUSTIFY_DA_MVN_PATH': globalConfig.exhortMvnPath,
+      'TRUSTIFY_DA_PREFER_MVNW': globalConfig.exhortPreferMvnw,
+      'TRUSTIFY_DA_MVN_ARGS': globalConfig.exhortMvnArgs,
+      'TRUSTIFY_DA_GRADLE_PATH': globalConfig.exhortGradlePath,
+      'TRUSTIFY_DA_NPM_PATH': globalConfig.exhortNpmPath,
+      'TRUSTIFY_DA_YARN_PATH': globalConfig.exhortYarnPath,
+      'TRUSTIFY_DA_PNPM_PATH': globalConfig.exhortPnpmPath,
+      'TRUSTIFY_DA_GO_PATH': globalConfig.exhortGoPath,
+      'TRUSTIFY_DA_PYTHON3_PATH': globalConfig.exhortPython3Path,
+      'TRUSTIFY_DA_PIP3_PATH': globalConfig.exhortPip3Path,
+      'TRUSTIFY_DA_PYTHON_PATH': globalConfig.exhortPythonPath,
+      'TRUSTIFY_DA_PIP_PATH': globalConfig.exhortPipPath
     };
 
     const dependencies = provider.collect(contents);

src/dependencyAnalysis/diagnostics.ts

@@ -1,10 +1,10 @@
 'use strict';
 
 import * as vscode from 'vscode';
-import exhort, { ImageRef, Options, parseImageRef } from '@trustification/exhort-javascript-api';
+import exhort, { ImageRef, Options, parseImageRef } from '@trustify-da/trustify-da-javascript-client';
 
 import { IImageRef, type IOptions } from './imageAnalysis';
-import { AnalysisReport } from '@trustification/exhort-api-spec/model/v4/AnalysisReport';
+import { AnalysisReport } from '@trustify-da/trustify-da-api-model/model/v5/AnalysisReport';
 
 /**
  * Executes RHDA image analysis using the provided images and options.