Fail to run scancode-action over an unpacked repository

[lancedikson]

Hi there! I'm trying to use the action to automate license checks for my Nodejs and Ruby applications, but I can't get over a need for archiving the repository. It simply doesn't work for me as it's described in README.md. Here's what I tried:

Configuration:

jobs:
  licenses-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          path: brands-server
      - name: Install Ruby and gems
        uses: ruby/setup-ruby@v1
        with:
          working-directory: brands-server
          bundler-cache: true
      - uses: nexB/scancode-action@alpha
        with:
          pipelines: "scan_codebase"
          inputs-path: "brands-server"
          output-formats: "json xlsx spdx cyclonedx"
          project-name: "brands-server"

Exception output:

Run scanpipe execute --project brands-server --no-color
INFO Run[3b0dee05-00b2-4cf4-8428-8191c01cf21c] Enter `execute_pipeline_task` Run.pk=3b0dee05-00b2-4cf4-8428-8191c01cf21c
INFO Run[3b0dee05-00b2-4cf4-8428-8191c01cf21c] Run pipeline: "scan_codebase" on project: "brands-server"
INFO 2024-05-07 11:15:26.13 Pipeline [scan_codebase] starting
INFO 2024-05-07 11:15:26.13 Step [download_missing_inputs] starting
INFO 2024-05-07 11:15:26.14 Step [download_missing_inputs] completed in 0 seconds
INFO 2024-05-07 11:15:26.14 Step [copy_inputs_to_codebase_directory] starting
INFO 2024-05-07 11:15:26.14 Pipeline failed
INFO Run[3b0dee05-00b2-4cf4-8428-8191c01cf21c] Update Run instance with exitcode, output, and end_date
CommandError: Error during scan_codebase execution:
[Errno 21] Is a directory: '/home/runner/work/brands/brands/var/projects/brands-server-3caecf5c/input/tmp'
Start the scan_codebase pipeline execution...

Traceback:
  File "/opt/hostedtoolcache/Python/3.11.9/x64/lib/python3.11/site-packages/scanpipe/pipelines/__init__.py", line 191, in execute
    step(self)
  File "/opt/hostedtoolcache/Python/3.11.9/x64/lib/python3.11/site-packages/scanpipe/pipelines/scan_codebase.py", line 55, in copy_inputs_to_codebase_directory
    copy_inputs(self.project.inputs(), self.project.codebase_path)
  File "/opt/hostedtoolcache/Python/3.11.9/x64/lib/python3.11/site-packages/scanpipe/pipes/input.py", line 51, in copy_inputs
    copy_input(input_location, dest_path)
  File "/opt/hostedtoolcache/Python/3.11.9/x64/lib/python3.11/site-packages/scanpipe/pipes/input.py", line 45, in copy_input
    return shutil.copyfile(input_location, destination)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/hostedtoolcache/Python/3.11.9/x64/lib/python3.11/shutil.py", line 256, in copyfile
    with open(src, 'rb') as fsrc:
         ^^^^^^^^^^^^^^^

My experiments showed that it's looking for files only and doesn't expect any directories in the inputs folder.

The solution was to zip the codebase and put it there.

jobs:
  licenses-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          path: codebase
      - name: Install Ruby and gems
        uses: ruby/setup-ruby@v1
        with:
          working-directory: codebase
          bundler-cache: true
      - run: mkdir -p scancode-inputs
      - uses: montudor/action-zip@v1
        with:
          args: zip -qq -r scancode-inputs/brands-server.zip codebase
      - uses: nexB/scancode-action@alpha
        with:
          pipelines: "scan_codebase"
          output-formats: "json xlsx spdx cyclonedx"
          project-name: "brands-server"
      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: debugging-archive
          path: |
            ${{ env.PROJECT_WORK_DIRECTORY }}

It successfully kicked off, but failed later for another reason. So, my main question: is there a way to avoid zipping and unzipping the codebase, but rather simply pointing scancode to the codebase directory in the Action configuration?