chore: use an env variable for host output path

Signed-off-by: behnazh-w <[email protected]>

Author: behnazh-w

.gitignore

@@ -167,6 +167,7 @@ gradlew.bat
 .macaron
 reports
 output
+output_dir
 cdx_debug.json
 sbom_debug.json
 golang/internal/filewriter/mock_dir/result.json

scripts/release_scripts/run_macaron.sh

@@ -56,6 +56,9 @@ IMAGE="ghcr.io/oracle/macaron"
 # Workspace directory inside of the container.
 MACARON_WORKSPACE="/home/macaron"
 
+# Host output path outside the container.
+HOST_OUTPUT=""
+
 # The entrypoint to run Macaron or the Policy Engine.
 # It it set by default to macaron.
 # We use an array here to preserve the arguments as provided by the user.
@@ -388,8 +391,10 @@ fi
 if [[ -n "${arg_output:-}" ]]; then
     output="${arg_output}"
     argv_main+=("--output" "${MACARON_WORKSPACE}/output/")
+    HOST_OUTPUT="${arg_output}"
 else
     output=$(pwd)/output
+    HOST_OUTPUT="output"
     echo "Setting default output directory to ${output}."
 fi
 
@@ -659,6 +664,7 @@ docker run \
     --rm -i "${tty[@]}" \
     -e "USER_UID=${USER_UID}" \
     -e "USER_GID=${USER_GID}" \
+    -e "HOST_OUTPUT=${HOST_OUTPUT}" \
     "${proxy_vars[@]}" \
     "${prod_vars[@]}" \
     "${mounts[@]}" \

src/macaron/__main__.py

@@ -22,6 +22,7 @@
 from macaron.config.global_config import global_config
 from macaron.console import RichConsoleHandler, access_handler
 from macaron.errors import ConfigurationError
+from macaron.output_reporter import find_report_output_path
 from macaron.output_reporter.reporter import HTMLReporter, JSONReporter, PolicyReporter
 from macaron.policy_engine.policy_engine import run_policy_engine, show_prelude
 from macaron.repo_finder import repo_finder
@@ -280,22 +281,22 @@ def verify_policy(verify_policy_args: argparse.Namespace) -> int:
         rich_handler = access_handler.get_handler()
         if vsa is not None:
             vsa_filepath = os.path.join(global_config.output_path, "vsa.intoto.jsonl")
-            rich_handler.update_vsa(os.path.relpath(vsa_filepath, os.getcwd()))
+            rich_handler.update_vsa(find_report_output_path(vsa_filepath))
             logger.info(
                 "Generating the Verification Summary Attestation (VSA) to %s.",
-                os.path.relpath(vsa_filepath, os.getcwd()),
+                find_report_output_path(vsa_filepath),
             )
             logger.info(
                 "To decode and inspect the payload, run `cat %s | jq -r '.payload' | base64 -d | jq`.",
-                os.path.relpath(vsa_filepath, os.getcwd()),
+                find_report_output_path(vsa_filepath),
             )
             try:
                 with open(vsa_filepath, mode="w", encoding="utf-8") as file:
                     file.write(json.dumps(vsa))
             except OSError as err:
                 logger.error(
                     "Could not generate the VSA to %s. Error: %s",
-                    os.path.relpath(vsa_filepath, os.getcwd()),
+                    find_report_output_path(vsa_filepath),
                     err,
                 )
         else:
@@ -372,7 +373,7 @@ def perform_action(action_args: argparse.Namespace) -> None:
             if not action_args.disable_rich_output:
                 rich_handler.start("dump-defaults")
             # Create the defaults.ini file in the output dir and exit.
-            create_defaults(action_args.output, os.getcwd())
+            create_defaults(action_args.output)
             sys.exit(os.EX_OK)
 
         case "verify-policy":
@@ -466,6 +467,9 @@ def main(argv: list[str] | None = None) -> None:
     global_config.gl_token = _get_token_from_dict_or_env("MCN_GITLAB_TOKEN", token_dict)
     global_config.gl_self_host_token = _get_token_from_dict_or_env("MCN_SELF_HOSTED_GITLAB_TOKEN", token_dict)
 
+    # Set the host output path, which would be set if Macaron is running inside a container.
+    global_config.host_output_path = _get_host_output_path_env()
+
     main_parser = argparse.ArgumentParser(prog="macaron")
 
     main_parser.add_argument(
@@ -735,12 +739,12 @@ def main(argv: list[str] | None = None) -> None:
         if os.path.isdir(args.output):
             logger.info(
                 "Setting the output directory to %s",
-                os.path.relpath(args.output, os.getcwd()),
+                find_report_output_path(args.output),
             )
         else:
             logger.info(
                 "No directory at %s. Creating one ...",
-                os.path.relpath(args.output, os.getcwd()),
+                find_report_output_path(args.output),
             )
             os.makedirs(args.output)
 
@@ -800,5 +804,17 @@ def _get_token_from_dict_or_env(token: str, token_dict: dict[str, str]) -> str:
     return token_dict[token] if token in token_dict else os.environ.get(token) or ""
 
 
+def _get_host_output_path_env() -> str:
+    """
+    Get the host output path from the HOST_OUTPUT environment variable.
+
+    Returns
+    -------
+    str
+        The HOST_OUTPUT environment variable or an empty string.
+    """
+    return os.environ.get("HOST_OUTPUT") or ""
+
+
 if __name__ == "__main__":
     main()

src/macaron/build_spec_generator/build_spec_generator.py

@@ -17,6 +17,7 @@
 from macaron.build_spec_generator.reproducible_central.reproducible_central import gen_reproducible_central_build_spec
 from macaron.console import access_handler
 from macaron.errors import GenerateBuildSpecError
+from macaron.output_reporter import find_report_output_path
 from macaron.path_utils.purl_based_path import get_purl_based_dir
 
 logger: logging.Logger = logging.getLogger(__name__)
@@ -120,17 +121,17 @@ def gen_build_spec_for_purl(
     logger.info(
         "Generating the %s format build spec to %s",
         build_spec_format.value,
-        os.path.relpath(build_spec_file_path, os.getcwd()),
+        find_report_output_path(build_spec_file_path),
     )
     rich_handler = access_handler.get_handler()
-    rich_handler.update_gen_build_spec("Build Spec Path:", os.path.relpath(build_spec_file_path, os.getcwd()))
+    rich_handler.update_gen_build_spec("Build Spec Path:", find_report_output_path(build_spec_file_path))
     try:
         with open(build_spec_file_path, mode="w", encoding="utf-8") as file:
             file.write(build_spec_content)
     except OSError as error:
         logger.error(
             "Could not create the build spec at %s. Error: %s",
-            os.path.relpath(build_spec_file_path, os.getcwd()),
+            find_report_output_path(build_spec_file_path),
             error,
         )
         return os.EX_OSERR

src/macaron/config/defaults.py

@@ -10,6 +10,7 @@
 import shutil
 
 from macaron.console import access_handler
+from macaron.output_reporter import find_report_output_path
 
 logger: logging.Logger = logging.getLogger(__name__)
 
@@ -138,15 +139,13 @@ def load_defaults(user_config_path: str) -> bool:
         return False
 
 
-def create_defaults(output_path: str, cwd_path: str) -> bool:
+def create_defaults(output_path: str) -> bool:
     """Create the ``defaults.ini`` file at the Macaron's root dir for end users.
 
     Parameters
     ----------
     output_path : str
         The path where the ``defaults.ini`` will be created.
-    cwd_path : str
-        The path to the current working directory.
 
     Returns
     -------
@@ -169,12 +168,12 @@ def create_defaults(output_path: str, cwd_path: str) -> bool:
         shutil.copy2(src_path, dest_path)
         logger.info(
             "Dumped the default values in %s.",
-            os.path.relpath(os.path.join(output_path, "defaults.ini"), cwd_path),
+            find_report_output_path(os.path.join(output_path, "defaults.ini")),
         )
-        rich_handler.update_dump_defaults(os.path.relpath(dest_path, cwd_path))
+        rich_handler.update_dump_defaults(find_report_output_path(dest_path))
         return True
     # We catch OSError to support errors on different platforms.
     except OSError as error:
-        logger.error("Failed to create %s: %s.", os.path.relpath(dest_path, cwd_path), error)
+        logger.error("Failed to create %s: %s.", find_report_output_path(dest_path), error)
         rich_handler.update_dump_defaults("[bold red]Failed[/]")
         return False

src/macaron/config/global_config.py

@@ -49,6 +49,9 @@ class GlobalConfig:
     #: The path to the local .m2 Maven repository. This attribute is None if there is no available .m2 directory.
     local_maven_repo: str | None = None
 
+    #: The host output path, if Macaron is executed as a container.
+    host_output_path: str = ""
+
     def load(
         self,
         macaron_path: str,

src/macaron/dependency_analyzer/cyclonedx.py

@@ -26,6 +26,7 @@
 from macaron.config.target_config import Configuration
 from macaron.database.table_definitions import Component
 from macaron.errors import CycloneDXParserError, DependencyAnalyzerError
+from macaron.output_reporter import find_report_output_path
 from macaron.output_reporter.scm import SCMStatus
 from macaron.repo_finder.repo_finder import find_repo
 from macaron.repo_finder.repo_finder_enums import RepoFinderInfo
@@ -359,7 +360,7 @@ def resolve_dependencies(main_ctx: Any, sbom_path: str, recursive: bool = False)
                 "Running %s version %s dependency analyzer on %s",
                 dep_analyzer.tool_name,
                 dep_analyzer.tool_version,
-                os.path.relpath(main_ctx.component.repository.fs_path, os.getcwd()),
+                find_report_output_path(main_ctx.component.repository.fs_path),
             )
 
             log_path = os.path.join(
@@ -397,7 +398,7 @@ def resolve_dependencies(main_ctx: Any, sbom_path: str, recursive: bool = False)
             logger.info(
                 "Stored dependency resolver log for %s to %s.",
                 dep_analyzer.tool_name,
-                os.path.relpath(log_path, os.getcwd()),
+                find_report_output_path(log_path),
             )
 
         # Use repo finder to find more repositories to analyze.

src/macaron/output_reporter/__init__.py

@@ -1,2 +1,59 @@
-# Copyright (c) 2022 - 2022, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2022 - 2025, Oracle and/or its affiliates. All rights reserved.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
+
+"""This module contains helper functions for reporting."""
+
+import logging
+import os
+from pathlib import Path
+
+from macaron.config.global_config import global_config
+
+logger: logging.Logger = logging.getLogger(__name__)
+
+
+def find_report_output_path(file_name: str, host_output_path: str | None = None) -> str:
+    """
+    Determine the output path for a report file.
+
+    If ``host_output_path`` is empty or None, returns the file path relative
+    to the current working directory. Otherwise, prefixes the path (stripping
+    the first directory component) with the provided container host output path.
+    Returns empty string if path has no parts to strip.
+
+    Parameters
+    ----------
+    file_name : str
+        Path to the input file (absolute or relative).
+    host_output_path : str | None
+        Base output directory path.
+
+    Returns
+    -------
+    str
+        Output path as string.
+
+    Examples
+    --------
+    >>> find_report_output_path("output/reports/maven/foo/bar", host_output_path=None)
+    'output/reports/maven/foo/bar'
+    >>> find_report_output_path("output/reports/maven/foo/bar", host_output_path="output_dir")
+    'output_dir/reports/maven/foo/bar'
+    >>> find_report_output_path("foo", host_output_path="output")
+    'output/'
+    >>> find_report_output_path("", host_output_path="output")
+    ''
+    """
+    if not file_name:
+        return ""
+    if host_output_path is None:
+        host_output_path = global_config.host_output_path
+    try:
+        file_path = Path(os.path.relpath(file_name, os.getcwd()))
+    except (ValueError, OSError) as error:
+        logger.debug("Failed to create path for %s: %s", file_name, error)
+        return ""
+    if not host_output_path:
+        return str(file_path)
+
+    return os.path.join(host_output_path, file_path.relative_to(file_path.parts[0])).rstrip(".")

src/macaron/output_reporter/reporter.py

@@ -20,6 +20,7 @@
 
 import macaron.output_reporter.jinja2_extensions as jinja2_extensions  # pylint: disable=consider-using-from-import
 from macaron.console import access_handler
+from macaron.output_reporter import find_report_output_path
 from macaron.output_reporter.results import Report
 from macaron.output_reporter.scm import SCMStatus
 
@@ -62,13 +63,13 @@ def write_file(self, file_path: str, data: str) -> bool:
         """
         try:
             with open(file_path, mode=self.mode, encoding=self.encoding) as file:
-                logger.info("Writing to file %s", os.path.relpath(file_path, os.getcwd()))
+                logger.info("Writing to file %s", find_report_output_path(file_path))
                 file.write(data)
                 return True
         except OSError as error:
             logger.error(
                 "Cannot write to %s. Error: %s",
-                os.path.relpath(file_path, os.getcwd()),
+                find_report_output_path(file_path),
                 error,
             )
             return False
@@ -128,15 +129,15 @@ def generate(self, target_dir: str, report: Report | dict) -> None:
             dep_file_name = os.path.join(target_dir, "dependencies.json")
             serialized_configs = list(report.get_serialized_configs())
             self.write_file(dep_file_name, json.dumps(serialized_configs, indent=self.indent))
-            self.rich_handler.update_report_table("Dependencies Report", os.path.relpath(dep_file_name, os.getcwd()))
+            self.rich_handler.update_report_table("Dependencies Report", find_report_output_path(dep_file_name))
 
             for record in report.get_records():
                 if record.context and record.status == SCMStatus.AVAILABLE:
                     file_name = os.path.join(target_dir, f"{record.context.component.report_file_name}.json")
                     json_data = json.dumps(record.get_dict(), indent=self.indent)
                     self.write_file(file_name, json_data)
                     self.rich_handler.update_report_table(
-                        "JSON Report", os.path.relpath(file_name, os.getcwd()), record.record_id
+                        "JSON Report", find_report_output_path(file_name), record.record_id
                     )
         except TypeError as error:
             logger.critical("Cannot serialize output report to JSON: %s", error)
@@ -231,7 +232,7 @@ def generate(self, target_dir: str, report: Report | dict) -> None:
                     html = self.template.render(deepcopy(record.get_dict()))
                     self.write_file(file_name, html)
                     self.rich_handler.update_report_table(
-                        "HTML Report", os.path.relpath(file_name, os.getcwd()), record.record_id
+                        "HTML Report", find_report_output_path(file_name), record.record_id
                     )
         except TemplateSyntaxError as error:
             location = f"line {error.lineno}"
@@ -285,7 +286,7 @@ def generate(self, target_dir: str, report: Report | dict) -> None:
                 json.dumps(report, indent=self.indent),
             )
             self.rich_handler.update_policy_report(
-                os.path.relpath(os.path.join(target_dir, "policy_report.json"), os.getcwd())
+                find_report_output_path(os.path.join(target_dir, "policy_report.json"))
             )
         except (TypeError, ValueError, OSError) as error:
             logger.critical("Cannot serialize the policy report to JSON: %s", error)

src/macaron/provenance/provenance_verifier.py

@@ -16,6 +16,7 @@
 
 from macaron.config.defaults import defaults
 from macaron.config.global_config import global_config
+from macaron.output_reporter import find_report_output_path
 from macaron.provenance.provenance_extractor import ProvenancePredicate, SLSAGithubGenericBuildDefinitionV01
 from macaron.provenance.provenance_finder import ProvenanceAsset
 from macaron.repo_finder.commit_finder import AbstractPurlType, determine_abstract_purl_type
@@ -336,7 +337,7 @@ def _verify_slsa(
         verified = "PASSED: SLSA verification passed" in output
         log_path = os.path.join(global_config.build_log_path, f"{os.path.basename(source_path)}.slsa_verifier.log")
         with open(log_path, mode="a", encoding="utf-8") as log_file:
-            logger.info("Storing SLSA verifier output for %s to %s", asset_name, os.path.relpath(log_path, os.getcwd()))
+            logger.info("Storing SLSA verifier output for %s to %s", asset_name, find_report_output_path(log_path))
             log_file.writelines(
                 [f"SLSA verifier output for cmd: {' '.join(cmd)}\n", output, "--------------------------------\n"]
             )
@@ -359,7 +360,7 @@ def _verify_slsa(
             )
             with open(error_log_path, mode="a", encoding="utf-8") as log_file:
                 logger.info(
-                    "Storing SLSA verifier log for%s to %s", asset_name, os.path.relpath(error_log_path, os.getcwd())
+                    "Storing SLSA verifier log for%s to %s", asset_name, find_report_output_path(error_log_path)
                 )
                 log_file.write(f"SLSA verifier output for cmd: {' '.join(cmd)}\n")
                 log_file.writelines(errors)