Validate report sheets instead of relying on tox exit code

[woocheol-lge]

Description

Validate report sheets instead of relying on tox exit code

Summary by CodeRabbit

• Chores

  • Added openpyxl to development dependencies to support Excel report handling.

• Tests

  • Added tests that generate Excel reports and verify expected workbook sheets across scanner modes (all, source, binary, dependency).

[coderabbitai]

Warning

Rate limit exceeded

@woocheol-lge has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 50 minutes and 44 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ab855363-a488-4808-924c-b6c170ccf971

📥 Commits

Reviewing files that changed from the base of the PR and between 97889e3 and e00d346.

📒 Files selected for processing (2)

• requirements-dev.txt
• tests/test_fosslight_scanner.py

📝 Walkthrough

Walkthrough

This PR adds test infrastructure to validate Excel report output. The dependency openpyxl is added to development requirements, then a parametrized test is added to verify that generated Excel files contain the expected worksheets for each scanner mode (all, source, binary, dependency).

Changes

Excel Output Validation

Layer / File(s)	Summary
Add openpyxl dependency requirements-dev.txt	openpyxl is added to development requirements for reading Excel report files.
Excel sheet validation helpers and test tests/test_fosslight_scanner.py	_get_sheet_names() helper reads an .xlsx file and returns worksheet names; SHEET_CHECK_PARAMS maps scanner modes to expected sheets; test_output_excel_contains_required_sheets runs run_main in Excel mode, locates the output file, and asserts required sheets exist.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly describes the main change: moving from relying on tox exit codes to validating report sheets, which aligns with adding openpyxl dependency and new Excel sheet validation tests.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch e_test

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

tests/test_fosslight_scanner.py (1)

205-205: 💤 Low value

Consider using Path.glob for consistency.

Since output_dir is already a Path object, you could use list(output_dir.glob("*.xlsx")) instead of glob.glob(str(output_dir / "*.xlsx")) for consistency with the pathlib usage elsewhere in the test.

♻️ Proposed refactor

-    xlsx_files = glob.glob(str(output_dir / "*.xlsx"))
+    xlsx_files = list(output_dir.glob("*.xlsx"))
+    xlsx_files = [str(f) for f in xlsx_files]  # Convert back to strings for _get_sheet_names

Or update _get_sheet_names to accept Path objects directly.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_fosslight_scanner.py` at line 205, Replace the glob.glob call with
a Path.glob-based approach by changing the xlsx file collection to use
output_dir.glob("*.xlsx") (e.g., assign xlsx_files =
list(output_dir.glob("*.xlsx"))) so the test consistently uses pathlib;
alternatively, update the helper _get_sheet_names to accept Path objects so
callers can pass Path instances directly (refer to xlsx_files, output_dir and
_get_sheet_names to locate the change).

requirements-dev.txt (1)

7-7: 💤 Low value

Consider pinning the openpyxl version for reproducible builds.

While the existing pattern in this file leaves development dependencies unpinned, specifying a minimum or exact version (e.g., openpyxl>=3.0.0) would prevent unexpected breakage if the library's API changes.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@requirements-dev.txt` at line 7, The dev dependency openpyxl is unpinned
which can cause unreproducible builds; update the requirements-dev.txt entry for
openpyxl to a pinned or minimum-version specifier (for example use
openpyxl>=3.0.0 or an exact version like openpyxl==3.1.2) so installs are
reproducible and less prone to breaking changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@requirements-dev.txt`:
- Line 7: The dev dependency openpyxl is unpinned which can cause unreproducible
builds; update the requirements-dev.txt entry for openpyxl to a pinned or
minimum-version specifier (for example use openpyxl>=3.0.0 or an exact version
like openpyxl==3.1.2) so installs are reproducible and less prone to breaking
changes.

In `@tests/test_fosslight_scanner.py`:
- Line 205: Replace the glob.glob call with a Path.glob-based approach by
changing the xlsx file collection to use output_dir.glob("*.xlsx") (e.g., assign
xlsx_files = list(output_dir.glob("*.xlsx"))) so the test consistently uses
pathlib; alternatively, update the helper _get_sheet_names to accept Path
objects so callers can pass Path instances directly (refer to xlsx_files,
output_dir and _get_sheet_names to locate the change).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3a6fa8b8-74ea-4c96-ac43-156eff207a56

📥 Commits

Reviewing files that changed from the base of the PR and between 860c126 and f80861e.

📒 Files selected for processing (2)

• requirements-dev.txt
• tests/test_fosslight_scanner.py

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@tests/test_fosslight_scanner.py`:
- Around line 204-212: The test currently picks the first Excel file from
xlsx_files and may validate the wrong artifact; update the selection logic so
the test binds sheet validation to the intended report (e.g., filter xlsx_files
by the expected filename or unique pattern generated by the run, or choose the
most recently modified file) before calling _get_sheet_names; locate the
xlsx_files variable and the call to _get_sheet_names(...) and replace the naive
xlsx_files[0] usage with filtered/selected_report logic (by name pattern or
max(stat().st_mtime)) to guarantee the correct workbook is validated.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2c812c5b-4c4d-4d58-89eb-62ce9b4c55e7

📥 Commits

Reviewing files that changed from the base of the PR and between f80861e and 97889e3.

📒 Files selected for processing (2)

• requirements-dev.txt
• tests/test_fosslight_scanner.py