add support for dependencies

[fnxpt]

Fixes #58

Still need to add tests for this

[macblazer]

Thanks for working on this. It does need some unit tests to ensure

1. The analyzer is finding the right dependencies, and
2. The BOMBuilder is generating the right output with the dependencies.

The existing SimplePod and TestingPod fixtures both have a single dependency in them that can help with the tests. It might be good to create one more fixture with maybe a couple of dependencies to ensure it's iterating over everything correctly.

[macblazer]

Codacy is asking you to put pods: as the first parameter because pods is the only parameter that does not specify a default value. Calls to this function can then look like one of the following (note that pods is always first because it has to be specified):

BOMBuilder.new(pods: pods)
BOMBuilder.new(pods: pods, component: myComponent)
BOMBuilder.new(pods: pods, dependencies: deps)
BOMBuilder.new(pods: pods, component: myComponent, dependencies: deps)

[fnxpt]

Sorry for the delay, I added tests for pod analyzer I will do the same with bom builder later, but for the restrictedPod the code is breaking on the sources, any idea why?

[macblazer]

Sorry for the delay, I added tests for pod analyzer I will do the same with bom builder later, but for the restrictedPod the code is breaking on the sources, any idea why?

The RestrictedPod is a fixture because it has a nice edge case where the Podfile is for iOS, and the EFQRCode pod has a dependency that is not used for iOS. The way CocoaPods works in this case is that the Podfile.lock shows the dependency on swift_qrcodejs under the PODS section, but swift_qrcodejs is not listed as a top-level pod in the PODS section and is not present at all in the DEPENDENCIES, SPEC REPOS, or SPEC CHECKSUMS sections. The function append_all_pod_dependencies in the podfile_analyzer.rb takes this into account, but your new function dependencies_hash_of_lockfile_pods does not.

In the bom.xml output tests for the RestrictedPod, I would not expect to see any references to swift_qrcodejs because it is not actually being used for this iOS target.

It might be better to restructure the new code by adding new capability to the append_all_pod_dependencies function (at line 169) instead of having the whole new function that iterates over the entire lock file a second time. Something like

def append_all_pod_dependencies(pods_used, pods_cache)
  result = pods_used
  dependencies_hash = [] # new
  original_number = 0
  # Loop adding pod dependencies until we are not adding any more dependencies to the result
  # This brings in all the transitive dependencies of every top level pod.
  # Note this also handles two edge cases:
  #  1. Having a Podfile with no pods used.
  #  2. Having a pod that has a platform-specific dependency that is unused for this Podfile.
  while result.length != original_number
    original_number = result.length
    pods_used.each { |pod_name|
      if pods_cache.key?(pod_name) && !pods_cache[pod_name].empty? # new
         result.push(*pods_cache[pod_name]) # changed
         dependencies_hash[pod_name] = *pods_cache[pod_name] # new
         # maybe additional dependency processing needed here???
      end
    }
    result = result.uniq
    # maybe additional dependency processing needed here???
    pods_used = result
  end
  result # change this to return result and dependencies_hash or make dependencies_hash a class property
end

[fnxpt]

I will change it to reflect that

[fnxpt]

Fixed the issue with Reserved Podfile... @macblazer I think the only thing missing is adding tests to the bom builder. Are you able to help with this part?

[fnxpt]

cleaned up a little bit the code, following your advice, also added bom_builder tests following the already existing tests.
Tomorrow I will fix the remaining lint issues

[fnxpt]

Everything should be ok now

[fnxpt]

@macblazer can you have another look?

[macblazer]

Thanks for this contribution and working through all the updates.