feat(scanner): Store VCS plugin config in NestedProvenanceStorage

If particular VCS plugin configurations are active during a
scan (like `submoduleFetchStrategy=TOP_LEVEL_ONLY`),
ensure that VCS plugin configurations are stored alongside nested
provenance data. This prevents reuse of cache entries across scans
with differing VCS plugin settings, ensuring correctness and
reliability of scan results.

Signed-off-by: Wolfgang Klenk <[email protected]>

Author: wkl3nk

dao/src/main/kotlin/tables/NestedProvenancesTable.kt

@@ -35,6 +35,11 @@ object NestedProvenancesTable : LongIdTable("nested_provenances") {
 
     val rootResolvedRevision = text("root_resolved_revision")
     val hasOnlyFixedRevisions = bool("has_only_fixed_revisions")
+
+    // If specific VCS plugin configurations are used, store a canonical string representation of these configuration
+    // options in this column. This ensures that results are only reused for scans with identical VCS plugin
+    // configurations.
+    val vcsPluginConfigs = text("vcs_plugin_configs").nullable()
 }
 
 class NestedProvenanceDao(id: EntityID<Long>) : LongEntity(id) {
@@ -44,6 +49,7 @@ class NestedProvenanceDao(id: EntityID<Long>) : LongEntity(id) {
 
     var rootResolvedRevision by NestedProvenancesTable.rootResolvedRevision
     var hasOnlyFixedRevisions by NestedProvenancesTable.hasOnlyFixedRevisions
+    var vcsPluginConfigs by NestedProvenancesTable.vcsPluginConfigs
 
     val packageProvenances by PackageProvenanceDao optionalReferrersOn PackageProvenancesTable.nestedProvenanceId
     val subRepositories by NestedProvenanceSubRepositoryDao referrersOn

workers/scanner/src/main/kotlin/scanner/OrtServerNestedProvenanceStorage.kt

@@ -42,7 +42,8 @@ import org.ossreviewtoolkit.utils.ort.runBlocking
 
 class OrtServerNestedProvenanceStorage(
     private val db: Database,
-    private val packageProvenanceCache: PackageProvenanceCache
+    private val packageProvenanceCache: PackageProvenanceCache,
+    private val vcsPluginConfigs: String?
 ) : NestedProvenanceStorage {
     override fun writeNestedProvenance(
         root: RepositoryProvenance,
@@ -64,6 +65,7 @@ class OrtServerNestedProvenanceStorage(
             rootVcs = vcsDao
             rootResolvedRevision = root.resolvedRevision
             hasOnlyFixedRevisions = result.hasOnlyFixedRevisions
+            vcsPluginConfigs = this@OrtServerNestedProvenanceStorage.vcsPluginConfigs
         }
 
         result.nestedProvenance.subRepositories.forEach { (path, repositoryProvenance) ->
@@ -89,7 +91,11 @@ class OrtServerNestedProvenanceStorage(
                 .where {
                     VcsInfoTable.type eq resolvedVcs.type.name and
                             (VcsInfoTable.url eq resolvedVcs.url) and
-                            (VcsInfoTable.revision eq resolvedVcs.revision)
+                            (VcsInfoTable.revision eq resolvedVcs.revision) and
+                            (
+                                    NestedProvenancesTable.vcsPluginConfigs eq
+                                            this@OrtServerNestedProvenanceStorage.vcsPluginConfigs
+                                    )
                 }.orderBy(NestedProvenancesTable.id to SortOrder.DESC)
                 .limit(1)
                 .singleOrNull()

workers/scanner/src/main/kotlin/scanner/ScannerRunner.kt

@@ -20,6 +20,7 @@
 package org.eclipse.apoapsis.ortserver.workers.scanner
 
 import org.eclipse.apoapsis.ortserver.model.ScannerJobConfiguration
+import org.eclipse.apoapsis.ortserver.model.SubmoduleFetchStrategy
 import org.eclipse.apoapsis.ortserver.workers.common.OrtServerFileListStorage
 import org.eclipse.apoapsis.ortserver.workers.common.context.WorkerContext
 import org.eclipse.apoapsis.ortserver.workers.common.mapToOrt
@@ -33,6 +34,7 @@ import org.ossreviewtoolkit.model.PackageType
 import org.ossreviewtoolkit.model.Provenance
 import org.ossreviewtoolkit.model.ScannerRun
 import org.ossreviewtoolkit.model.SourceCodeOrigin
+import org.ossreviewtoolkit.model.VcsType
 import org.ossreviewtoolkit.model.config.DownloaderConfiguration
 import org.ossreviewtoolkit.model.config.ScannerConfiguration
 import org.ossreviewtoolkit.model.utils.FileArchiver
@@ -50,6 +52,18 @@ class ScannerRunner(
     private val fileArchiver: FileArchiver,
     private val fileListStorage: OrtServerFileListStorage
 ) {
+    companion object {
+        /**
+         * Convert the VCS plugin configurations to a canonical string representation. If there are no VCS plugin
+         * configurations, return null.
+         */
+        fun createCanonicalVcsPluginConfigs(vcsPluginConfigs: Map<String, PluginConfig>) =
+            vcsPluginConfigs.keys.sorted().joinToString(separator = "&") { vcs ->
+                vcsPluginConfigs[vcs]?.options.orEmpty()
+                    .toSortedMap().entries.joinToString(separator = "&") { (key, value) -> "$vcs/$key/$value" }
+            }.ifEmpty { null }
+    }
+
     suspend fun run(
         context: WorkerContext,
         ortResult: OrtResult,
@@ -73,7 +87,11 @@ class ScannerRunner(
 
         val packageProvenanceCache = PackageProvenanceCache()
         val packageProvenanceStorage = OrtServerPackageProvenanceStorage(db, scannerRunId, packageProvenanceCache)
-        val nestedProvenanceStorage = OrtServerNestedProvenanceStorage(db, packageProvenanceCache)
+        val nestedProvenanceStorage = OrtServerNestedProvenanceStorage(
+            db,
+            packageProvenanceCache,
+            canonicalVcsPluginConfigs
+        )
         val scanResultStorage = OrtServerScanResultStorage(db, scannerRunId)
 
         val scanStorages = ScanStorages(

workers/scanner/src/test/kotlin/OrtServerNestedProvenanceStorageTest.kt

@@ -64,7 +64,11 @@ class OrtServerNestedProvenanceStorageTest : WordSpec() {
             packageProvenanceCache = PackageProvenanceCache()
             packageProvenanceStorage =
                 OrtServerPackageProvenanceStorage(dbExtension.db, scannerRun.id, packageProvenanceCache)
-            nestedProvenanceStorage = OrtServerNestedProvenanceStorage(dbExtension.db, packageProvenanceCache)
+            nestedProvenanceStorage = OrtServerNestedProvenanceStorage(
+                dbExtension.db,
+                packageProvenanceCache,
+                ""
+            )
 
             packageProvenanceStorage.writeProvenance(id, vcsInfo, packageProvenance)
         }
@@ -209,7 +213,11 @@ class OrtServerNestedProvenanceStorageTest : WordSpec() {
                 packageProvenanceCache = PackageProvenanceCache()
                 packageProvenanceStorage =
                     OrtServerPackageProvenanceStorage(dbExtension.db, scannerRun.id, packageProvenanceCache)
-                nestedProvenanceStorage = OrtServerNestedProvenanceStorage(dbExtension.db, packageProvenanceCache)
+                nestedProvenanceStorage = OrtServerNestedProvenanceStorage(
+                    dbExtension.db,
+                    packageProvenanceCache,
+                    ""
+                )
 
                 val subInfo1 = vcsInfo.copy(path = "sub1")
                 val subProvenance1 = RepositoryProvenance(subInfo1, subInfo1.revision)

workers/scanner/src/test/kotlin/ScannerRunnerTest.kt

@@ -44,6 +44,7 @@ import org.ossreviewtoolkit.model.OrtResult
 import org.ossreviewtoolkit.model.Provenance
 import org.ossreviewtoolkit.model.RepositoryProvenance
 import org.ossreviewtoolkit.model.config.ScannerConfiguration
+import org.ossreviewtoolkit.plugins.api.PluginConfig as OrtPluginConfig
 import org.ossreviewtoolkit.scanner.LocalPathScannerWrapper
 import org.ossreviewtoolkit.scanner.Scanner
 import org.ossreviewtoolkit.scanner.ScannerWrapperFactory
@@ -184,6 +185,43 @@ class ScannerRunnerTest : WordSpec({
             result.issues shouldBe issuesMap
         }
     }
+
+    "createCanonicalVcsPluginConfigs" should {
+        "return null if no VCS config plugins are used at all." {
+            val vcsPluginConfigs = emptyMap<String, OrtPluginConfig>()
+
+            val result = ScannerRunner.createCanonicalVcsPluginConfigs(vcsPluginConfigs)
+
+            result shouldBe null
+        }
+
+        "return a canonical string of VCS plugin configs." {
+            val vcsPluginConfigs = mapOf(
+                "VCS-Z" to OrtPluginConfig(
+                    options = mapOf(
+                        "option-z" to "1",
+                        "option-a" to "2"
+                    ),
+                    secrets = mapOf(
+                        "some-secret" to "my-secret"
+                    )
+                ),
+                "VCS-A" to OrtPluginConfig(
+                    options = mapOf(
+                        "option-x" to "3",
+                        "option-b" to "4"
+                    ),
+                    secrets = mapOf(
+                        "some-secret" to "my-secret"
+                    )
+                )
+            )
+
+            val result = ScannerRunner.createCanonicalVcsPluginConfigs(vcsPluginConfigs)
+
+            result shouldBe "VCS-A/option-b/4&VCS-A/option-x/3&VCS-Z/option-a/2&VCS-Z/option-z/1"
+        }
+    }
 })
 
 private fun mockScannerWrapperFactory(scannerName: String) =