Ignore git submodules when scanning for manifests#76
Merged
Conversation
Fixes #72 Manifests and lockfiles found in git submodule directories are now properly ignored by default when scanning the working directory. This prevents dependencies from submodules being incorrectly reported as part of the main repository. A new --include-submodules flag allows opting in to scanning submodules when needed. The implementation uses go-git's native Worktree.Submodules() API to detect submodule paths, which are then filtered out during filesystem walks in both the analyzer and where command. Changes: - Added GetSubmodulePaths() method to Repository using go-git's submodule support - Updated DependenciesInWorkingDir() to skip submodule directories by default - Updated where command to skip submodule directories by default - Added --include-submodules persistent flag to opt in to scanning submodules - Updated diff command to respect the flag - Added comprehensive tests for submodule filtering - Documented the flag in README.md and docs/internals.md
0737973 to
813f4a7
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #72
Manifests and lockfiles found in git submodule directories are now properly ignored when scanning the working directory. This prevents dependencies from submodules being incorrectly reported as part of the main repository.
The implementation uses go-git's native
Worktree.Submodules()API to detect submodule paths, which are then filtered out during filesystem walks in both the analyzer and where command.Changes:
GetSubmodulePaths()method toRepositoryusing go-git's submodule supportDependenciesInWorkingDir()to skip submodule directorieswherecommand to skip submodule directories