fix(Dockerfile):

[janniclas]

These changes address the build issues I encountered on my Mac. The changes were tested on arm and x86 and should hopefully work.
If I find time this afternoon I might update the Ruby installation as suggested by @heliocastro in #10882. However, this PR can also be merged without these changes.

Changes made:

• Added PYTHON_CLICK_VERSION to .env.versions and Dockerfile to explicitly fulfill the requirements of ScanCode (there were problems especially on MacOS without the explicit dependency)
• Adjusted dependency installation order to fix build problems with ScanCode
• Fixed missing = when setting the UV version

[sschuberth]

Thanks for the contribution @janniclas! However, please have a look at the contribution guidelines, esp. the part about crafting commits. We're rather strict about not mixing independent fixes / changes into a single commit.

So for example this line is a correct fix for something that's totally unrelated to making the Docker image build on a Mac. And as such this change should be separated out into another (preceding) commit as part of this PR (there's no need to create another PR).

Also, the commit messages should detail why a change was made in a particular way, and not just repeat what was done, as that can be seen from the diff 😉

[janniclas]

Update coming soon :)

[janniclas]

I've tested the Dockerfile on a Linux and Mac machine and was able to generate a SBOM for a small project (https://github.com/fraunhofer-iem/spha-ui). However, on a larger project (https://github.com/microsoft/vscode) the analyzer crashed when running the docker container on my Mac. This looks like a runtime problem unrelated to the Docker image so that shouldn't keep us from wrapping this up.

Error for reference:

Exception in thread "main" java.lang.IllegalArgumentException: The following references do not actually refer to packages: 'NPM::keytar:7.9.0'.
        at org.ossreviewtoolkit.model.utils.DependencyGraphBuilder.checkReferences(DependencyGraphBuilder.kt:207)
        at org.ossreviewtoolkit.model.utils.DependencyGraphBuilder.build(DependencyGraphBuilder.kt:177)
        at org.ossreviewtoolkit.model.utils.DependencyGraphBuilder.build$default(DependencyGraphBuilder.kt:176)
        at org.ossreviewtoolkit.plugins.packagemanagers.node.NodePackageManager.createPackageManagerResult(NodePackageManager.kt:94)
        at org.ossreviewtoolkit.analyzer.PackageManager.resolveDependencies(PackageManager.kt:352)
        at org.ossreviewtoolkit.analyzer.PackageManagerRunner$run$3.invokeSuspend(Analyzer.kt:352)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:34)
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:100)
        at kotlinx.coroutines.internal.LimitedDispatcher$Worker.run(LimitedDispatcher.kt:124)
        at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:89)
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:586)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:820)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:717)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:704)

[sschuberth]

This looks like a runtime problem unrelated to the Docker image so that shouldn't keep us from wrapping this up.

Indeed. That looks more like an issue with a Mac-specific Node package, similar to issues with fsevents that we saw before.