feat(model): guard duplicate scan results / file lists per provenance

Prep work for upcoming PR #10502.

* `ScannerRun.init`
  - Add a `require` check that no two `ScanResult`s share the same
    provenance and scanner.
  - Add a similar check that no two `FileList`s share the same provenance.
  The offending provenance is rendered via `toYaml()` to aid debugging.

* `ScannerRunTest`
  - Introduce two unit tests that assert an `IllegalArgumentException` is
    thrown when duplicates are present for scan results or file lists,
    respectively.

These runtime checks make improper scan runs surface early and provide clear
error messages, which will simplify the upcoming deduplication work.

Signed-off-by: Jonatan Männchen <jonatan@maennchen.ch>

Author: maennchen

model/src/main/kotlin/ScannerRun.kt

@@ -135,6 +135,20 @@ data class ScannerRun(
             }
         }
 
+        scanResults.toList().getDuplicates { it.provenance to it.scanner }.keys.let { duplicates ->
+            require(duplicates.isEmpty()) {
+                val (dupProvenance, dupScanner) = duplicates.first()
+
+                buildString {
+                    appendLine("Found multiple scan results for the same provenance and scanner.")
+                    appendLine("Scanner:")
+                    appendLine(dupScanner.toYaml())
+                    appendLine("Provenance:")
+                    append(dupProvenance.toYaml())
+                }
+            }
+        }
+
         provenances.getDuplicates { it.id }.keys.let { idsForDuplicateProvenanceResolutionResults ->
             require(idsForDuplicateProvenanceResolutionResults.isEmpty()) {
                 "Found multiple provenance resolution results for the following ids: " +
@@ -173,6 +187,13 @@ data class ScannerRun(
                 }
             }
         }
+
+        files.toList().getDuplicates { it.provenance }.keys.let { duplicateProvenances ->
+            require(duplicateProvenances.isEmpty()) {
+                "Found multiple file lists for the same provenance:\n" +
+                    duplicateProvenances.first().toYaml()
+            }
+        }
     }
 
     private val provenancesById: Map<Identifier, ProvenanceResolutionResult> by lazy {

model/src/test/kotlin/ScannerRunTest.kt

@@ -19,18 +19,178 @@
 
 package org.ossreviewtoolkit.model
 
+import io.kotest.assertions.throwables.shouldThrow
 import io.kotest.core.spec.style.WordSpec
 import io.kotest.matchers.collections.containExactlyInAnyOrder
 import io.kotest.matchers.maps.containExactly
 import io.kotest.matchers.nulls.shouldNotBeNull
 import io.kotest.matchers.should
+import io.kotest.matchers.shouldBe
 
 import org.ossreviewtoolkit.model.FileList.Entry
 import org.ossreviewtoolkit.model.utils.alignRevisions
 import org.ossreviewtoolkit.model.utils.clearVcsPath
 import org.ossreviewtoolkit.utils.spdx.SpdxConstants
 
 class ScannerRunTest : WordSpec({
+    "init" should {
+        "error on duplicate provenance and scanner scan results" {
+            val provenance = RepositoryProvenance(
+                VcsInfo(type = VcsType.GIT, url = "https://github.com/example.git", revision = "revision"),
+                "revision"
+            )
+            val otherProvenance = RepositoryProvenance(
+                VcsInfo(type = VcsType.GIT, url = "https://github.com/example.git", revision = "other_revision"),
+                "other_revision"
+            )
+            val provenances = setOf(
+                ProvenanceResolutionResult(
+                    id = Identifier("maven::example:1.0"),
+                    packageProvenance = provenance
+                ),
+                ProvenanceResolutionResult(
+                    id = Identifier("maven::other_example:1.0"),
+                    packageProvenance = otherProvenance
+                )
+            )
+
+            val scanner = ScannerDetails("scanner", "1.0.0", "configuration")
+            val otherScanner = ScannerDetails("other-scanner", "1.0.0", "configuration")
+
+            // Shared provenance and scanner.
+            val ex = shouldThrow<IllegalArgumentException> {
+                ScannerRun.EMPTY.copy(
+                    provenances = provenances,
+                    scanResults = setOf(
+                        ScanResult(
+                            provenance = provenance,
+                            scanner = scanner,
+                            summary = ScanSummary.EMPTY.copy(
+                                licenseFindings = setOf(
+                                    LicenseFinding("MIT", TextLocation("file1.txt", 1, 1))
+                                )
+                            )
+                        ),
+                        ScanResult(
+                            provenance = provenance,
+                            scanner = scanner,
+                            summary = ScanSummary.EMPTY.copy(
+                                licenseFindings = setOf(
+                                    LicenseFinding("MIT", TextLocation("file2.txt", 1, 1))
+                                )
+                            )
+                        )
+                    )
+                )
+            }
+
+            val expectedMessage = buildString {
+                appendLine("Found multiple scan results for the same provenance and scanner.")
+                appendLine("Scanner:")
+                appendLine(scanner.toYaml())
+                appendLine("Provenance:")
+                append(provenance.toYaml())
+            }.trimEnd()
+
+            ex.message!!.trimEnd() shouldBe expectedMessage
+
+            // Shared provenance and different scanners.
+            ScannerRun.EMPTY.copy(
+                provenances = provenances,
+                scanResults = setOf(
+                    ScanResult(
+                        provenance = provenance,
+                        scanner = scanner,
+                        summary = ScanSummary.EMPTY.copy(
+                            licenseFindings = setOf(
+                                LicenseFinding("MIT", TextLocation("file1.txt", 1, 1))
+                            )
+                        )
+                    ),
+                    ScanResult(
+                        provenance = provenance,
+                        scanner = otherScanner,
+                        summary = ScanSummary.EMPTY.copy(
+                            licenseFindings = setOf(
+                                LicenseFinding("MIT", TextLocation("file2.txt", 1, 1))
+                            )
+                        )
+                    )
+                )
+            )
+
+            // Different provenance and shared scanner.
+            ScannerRun.EMPTY.copy(
+                provenances = provenances,
+                scanResults = setOf(
+                    ScanResult(
+                        provenance = provenance,
+                        scanner = scanner,
+                        summary = ScanSummary.EMPTY.copy(
+                            licenseFindings = setOf(
+                                LicenseFinding("MIT", TextLocation("file1.txt", 1, 1))
+                            )
+                        )
+                    ),
+                    ScanResult(
+                        provenance = otherProvenance,
+                        scanner = scanner,
+                        summary = ScanSummary.EMPTY.copy(
+                            licenseFindings = setOf(
+                                LicenseFinding("MIT", TextLocation("file2.txt", 1, 1))
+                            )
+                        )
+                    )
+                )
+            )
+        }
+
+        "error on duplicate provenance file lists" {
+            val provenance = RepositoryProvenance(
+                VcsInfo(type = VcsType.GIT, url = "https://github.com/example.git", revision = "revision"),
+                "revision"
+            )
+
+            val ex = shouldThrow<IllegalArgumentException> {
+                ScannerRun.EMPTY.copy(
+                    provenances = setOf(
+                        ProvenanceResolutionResult(
+                            id = Identifier("maven::other_example:1.0"),
+                            packageProvenance = provenance
+                        )
+                    ),
+                    files = setOf(
+                        FileList(
+                            provenance = provenance,
+                            files = setOf(
+                                Entry(
+                                    path = "vcs/path/file1.txt",
+                                    sha1 = "1111111111111111111111111111111111111111"
+                                )
+                            )
+                        ),
+                        FileList(
+                            provenance = provenance,
+                            files = setOf(
+                                Entry(
+                                    path = "some/dir/file2.txt",
+                                    sha1 = "2222222222222222222222222222222222222222"
+                                )
+                            )
+                        )
+                    )
+                )
+            }
+
+            val expectedMessage = buildString {
+                appendLine("Found multiple file lists for the same provenance:")
+                append(provenance.toYaml())
+            }.trimEnd()
+
+            ex.message!!.trimEnd() shouldBe expectedMessage
+        }
+    }
+
     "getFileList()" should {
         "filter by VCS path and merge sub-repository lists as expected" {
             val id = Identifier("a:b:c:1.0.0")