Release 4.0.0 work #341

Merged 29 commits, Mar 20, 2023

Commits
2d894b5
doc: typo in README.
madpah Jul 6, 2022
d1d140c
chore: resolved issue in pre-commit-hooks
madpah Jul 6, 2022
403011c
feat: support VEX without Components in the same BOM
madpah Jul 6, 2022
a043437
feat: support VEX without Components in the same BOM
madpah Jul 6, 2022
2c50eb8
doc: updated to reflect breaking changes in model for `3.0.0`
madpah Jul 6, 2022
7d8a1f1
chore: removed duplicate code
madpah Jul 6, 2022
6a3d9e6
remove deprecated methods - no easy way to provide backwards compatab…
madpah Jul 7, 2022
e709d19
removed unused import
madpah Jul 7, 2022
3d71a5b
updated unit tests
madpah Jul 7, 2022
bd40d8b
ci: extend CI timeout to 15 minutes - py3.10 on OSX failing to comple…
madpah Jul 7, 2022
fe38107
chore: removed commented code
madpah Jul 8, 2022
1f58b31
Merge pull request #263 from CycloneDX/feat/vex-without-components
madpah Jul 11, 2022
b56c5c3
ci: pin `semantic-release==7.28.1` for manual deploy - see #234
madpah Jul 12, 2022
17341d6
feat: allow `version` of BOM to be defined
madpah Jul 12, 2022
068da83
Merge pull request #267 from CycloneDX/feat/bomlink-urn-helper-methods
madpah Jul 12, 2022
3dd1861
chore: merged main into dev/3.0.0 branch
madpah Aug 11, 2022
29e6c8c
Merge branch 'main' into dev/3.0.0
madpah Aug 11, 2022
7df1b7e
chore: fix release workflow
madpah Sep 15, 2022
03ac713
chore: editorconfig
jkowalleck Jan 6, 2023
695afe9
Merge branch 'main' into dev/4.0.0
madpah Jan 20, 2023
676c941
feat: support for deserialization from JSON and XML (#290)
madpah Mar 3, 2023
40145ce
fix: update `serializable` to include XML safety changes
madpah Mar 3, 2023
3f3c8ff
feat: Support for Python 3.11 (#349)
madpah Mar 6, 2023
5a99137
Merge branch 'main' into dev/4.0.0
madpah Mar 6, 2023
1b32d4b
fix: removed `autopep8` in favour of `flake8` as both have conflictin…
madpah Mar 7, 2023
4d0d920
chore: bump dev dependencies
madpah Mar 7, 2023
aa3189e
tests: component versions optional (#350)
jkowalleck Mar 13, 2023
2ef396f
doc: doc updates for new deserialization feature
madpah Mar 17, 2023
ccb7a7f
doc: doc updates for contribution
madpah Mar 17, 2023
14 changes: 7 additions & 7 deletions .github/workflows/deploy.yml
@@ -4,9 +4,9 @@ on:
push:
branches: [ 'main' ]
workflow_dispatch:

env:
PYTHON_VERSION_DEFAULT: "3.10"
PYTHON_VERSION_DEFAULT: "3.11"
POETRY_VERSION: "1.1.12"

jobs:
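Review bot: `PYTHON_VERSION_DEFAULT` and `POETRY_VERSION` are declared here and again in `.github/workflows/poetry.yml`, and the two copies had already drifted (this PR bumps Poetry from 1.1.11 to 1.1.12 in poetry.yml while deploy.yml was already on 1.1.12). Consider deriving both values from one place, or at least add a comment in each file pointing at the other so future bumps land in both.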
@@ -22,14 +22,14 @@ jobs:
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Setup python
# see https://github.com/actions/setup-python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
architecture: 'x64'

- name: Install and configure Poetry
# See https://github.com/marketplace/actions/install-poetry-action
uses: snok/install-poetry@v1
@@ -38,17 +38,17 @@ jobs:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true

- name: Install dependencies
run: poetry install --no-root

- name: View poetry version
run: poetry --version

- name: Python Semantic Release
# see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html
# see https://github.com/relekang/python-semantic-release
uses: relekang/[email protected].1
uses: relekang/[email protected].2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
repository_username: __token__
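Review bot: the bump from v7.28.1 to v7.28.2 still pins the third-party action by tag only. Because this step receives `secrets.GITHUB_TOKEN` and publishes with `repository_username: __token__`, a moved or re-pointed tag would run arbitrary code with those credentials; pin `relekang/python-semantic-release` to the full commit SHA of the 7.28.2 release (keeping the tag in a trailing comment for readability) to close that gap.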
2 changes: 1 addition & 1 deletion .github/workflows/manual-release-candidate.yml
@@ -25,7 +25,7 @@ jobs:
python -m pip install poetry --upgrade pip
poetry config virtualenvs.create false
poetry install
python -m pip install python-semantic-release
python -m pip install python-semantic-release==7.28.1
- name: Apply Pre Release Version
run: |
RC_VERSION="$(semantic-release --noop --major print-version)-${{ github.event.inputs.release_candidate_suffix }}"
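Review bot: the pin `python-semantic-release==7.28.1` added here does not match `deploy.yml`, which this same PR moves to v7.28.2 of the same tool. Pinning is the right call (see the `see #234` commit in the list), but keep both workflows on one version so the release-candidate path computes versions with the same rules as the real release; otherwise an RC and its final release can disagree on the version they print.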
52 changes: 31 additions & 21 deletions .github/workflows/poetry.yml
@@ -4,7 +4,7 @@ name: Python CI

on:
push:
branches: ["master", "main"]
branches: ["main"]
pull_request:
branches-ignore: ['dependabot/**']
workflow_dispatch:
@@ -15,8 +15,8 @@ on:

env:
REPORTS_DIR: CI_reports
PYTHON_VERISON_DEFAULT: "3.10"
POETRY_VERSION: "1.1.11"
PYTHON_VERSION_DEFAULT: "3.11"
POETRY_VERSION: "1.1.12"

jobs:
coding-standards:
@@ -27,19 +27,23 @@ jobs:
- name: Checkout
# see https://github.com/actions/checkout
uses: actions/checkout@v3

- name: Setup Python Environment
# see https://github.com/actions/setup-python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERISON_DEFAULT }}
python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
architecture: 'x64'

- name: Install poetry
# see https://github.com/marketplace/actions/setup-poetry
uses: Gr1N/setup-poetry@v8
with:
poetry-version: ${{ env.POETRY_VERSION }}

- name: Install dependencies
run: poetry install --no-root

- name: Run tox
run: poetry run tox -e flake8 -s false

@@ -53,96 +57,102 @@ jobs:
include:
- # test with the locked dependencies
os: ubuntu-latest
python-version: '3.10'
python-version: '3.11'
toxenv-factor: 'locked'
- # test with the lowest dependencies
os: ubuntu-20.04
python-version: '3.6'
os: ubuntu-latest
python-version: '3.7'
toxenv-factor: 'lowest'
steps:
- name: Checkout
# see https://github.com/actions/checkout
uses: actions/checkout@v3

- name: Setup Python Environment
# see https://github.com/actions/setup-python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
architecture: 'x64'

- name: Install poetry
# see https://github.com/marketplace/actions/setup-poetry
uses: Gr1N/setup-poetry@v8
with:
poetry-version: ${{ env.POETRY_VERSION }}

- name: Install dependencies
run: poetry install --no-root

- name: Run tox
run: poetry run tox -e mypy-${{ matrix.toxenv-factor }} -s false

build-and-test:
name: Test (${{ matrix.os }} py${{ matrix.python-version }} ${{ matrix.toxenv-factor }})
runs-on: ${{ matrix.os }}
timeout-minutes: 10
timeout-minutes: 15
env:
REPORTS_ARTIFACT: tests-reports
strategy:
fail-fast: false
matrix:
os: ['ubuntu-latest', 'windows-latest', 'macos-latest']
python-version:
- "3.10" # highest supported
- "3.11" # highest supported
- "3.10"
- "3.9"
- "3.8"
- "3.7"
- "3.6" # lowest supported
- "3.7" # lowest supported
toxenv-factor: ['locked']
include:
- # test with py36 ubuntu20
os: ubuntu-20.04
python-version: '3.6'
toxenv-factor: 'locked'
- # test with the lowest dependencies
os: ubuntu-20.04
python-version: '3.6'
toxenv-factor: 'lowest'
exclude:
- # no py36 with latest ubuntu - see https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json
os: ubuntu-latest
python-version: '3.6'
python-version: '3.7'
toxenv-factor: 'lowest'
steps:
- name: Disabled Git auto EOL CRLF transforms
run: |
git config --global core.autocrlf false
git config --global core.eol lf

- name: Checkout
# see https://github.com/actions/checkout
uses: actions/checkout@v3

- name: Create reports directory
run: mkdir ${{ env.REPORTS_DIR }}

- name: Setup Python Environment
# see https://github.com/actions/setup-python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
architecture: 'x64'

- name: Validate Python Environment
run: echo "import sys; print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding()))" | python

- name: Install poetry
# see https://github.com/marketplace/actions/setup-poetry
uses: Gr1N/setup-poetry@v8
with:
poetry-version: ${{ env.POETRY_VERSION }}

- name: Install dependencies
run: poetry install --no-root

- name: Ensure build successful
run: poetry build

- name: Run tox
run: poetry run tox -e py-${{ matrix.toxenv-factor }} -s false

- name: Generate coverage reports
run: >
poetry run coverage report &&
poetry run coverage xml -o ${{ env.REPORTS_DIR }}/coverage-${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.toxenv-factor }}.xml &&
poetry run coverage html -d ${{ env.REPORTS_DIR }}

- name: Artifact reports
if: ${{ ! cancelled() }}
# see https://github.com/actions/upload-artifact
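Review bot: the `exclude` entry at the end of the `build-and-test` matrix now names `python-version: '3.7'`, but its comment still reads `# no py36 with latest ubuntu`, and the entry only has an effect if a `toxenv-factor: 'lowest'` combination exists. With `toxenv-factor: ['locked']` and the `ubuntu-20.04` / `'3.6'` includes going away (3.6 is no longer in the version list, which now marks `'3.7' # lowest supported`), the exclude matches nothing and `build-and-test` no longer runs a lowest-dependency set at all, while the mypy job earlier in this hunk keeps one at 3.7 on `ubuntu-latest`. Either drop the exclude, or add back a `lowest` include for 3.7 mirroring the mypy job and fix the comment.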
3 changes: 2 additions & 1 deletion .isort.cfg
@@ -6,7 +6,7 @@ skip_gitignore = false
skip_glob =
build/*,dist/*,__pycache__,.eggs,*.egg-info*,
*_cache,*.cache,
.git/*,.tox/*,.venv/*,venv/*
.git/*,.tox/*,.venv/*,venv/*,.venv*/*,venv*/*,
_OLD/*,_TEST/*,
docs/*
combine_as_imports = true
@@ -18,3 +18,4 @@ multi_line_output = 3
src_paths =
cyclonedx
tests
typings
6 changes: 3 additions & 3 deletions .pre-commit-config.yaml
@@ -4,7 +4,7 @@ repos:
hooks:
- id: system
name: mypy
entry: poetry run tox -e mypy
entry: poetry run tox -e mypy-locked
pass_filenames: false
language: system
- repo: local
@@ -17,7 +17,7 @@ repos:
- repo: local
hooks:
- id: system
name: autopep8
entry: poetry run autopep8 --in-place -r cyclonedx tests
name: flake8
entry: poetry run flake8 cyclonedx/ tests/
pass_filenames: false
language: system
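Review bot: the new hook runs `flake8 cyclonedx/ tests/`, but the command this same PR documents in `CONTRIBUTING.md` is `flake8 cyclonedx/ tests/ typings/`, and `.isort.cfg` now lists `typings` under `src_paths`. Add `typings/` here as well, or the hook will pass on files the documented check rejects. Note also that, unlike `autopep8 --in-place`, flake8 only reports, so this hook now blocks a commit rather than fixing it.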
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
@@ -23,7 +23,7 @@ Get it all applied via:

```shell
poetry run isort .
poetry run autopep8 --in-place -r cyclonedx tests
poetry run flake8 cyclonedx/ tests/ typings/
```

## Documentation
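Review bot: the lead-in `Get it all applied via:` no longer fits once `autopep8 --in-place` is replaced by `flake8`, which reports violations and applies nothing. Reword it (for example `Check and apply it via:`) and say that flake8 findings must be fixed by hand before the commit hook will pass.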
18 changes: 10 additions & 8 deletions README.md
@@ -13,19 +13,21 @@
----

This CycloneDX module for Python can generate valid CycloneDX bill-of-material document containing an aggregate of all
project dependencies.
project dependencies. CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple
to parse.

This module is not designed for standalone use.
**This module is not designed for standalone use.**

If you're looking for a CycloneDX tool to run to generate (SBOM) software bill-of-materials documents, why not checkout: [CycloneDX Python][cyclonedx-python]
As of version `3.0.0`, the internal data model was adjusted to allow CycloneDX VEX documents to be produced as per
[official examples](https://cyclonedx.org/capabilities/bomlink/#linking-external-vex-to-bom-inventory) linking a VEX
documents to a separate BOM document.

Additionally, the following tool can be used as well (and this library was written to help improve it) [Jake][jake].
If you're looking for a CycloneDX tool to run to generate (SBOM) software bill-of-materials documents, why not checkout
[CycloneDX Python][cyclonedx-python] or [Jake][jake].

Additionally, you can use this module yourself in your application to programmatically generate SBOMs.
Alternatively, you can use this module yourself in your application to programmatically generate CycloneDX BOMs.

CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple to parse.

View our documentation [here](https://cyclonedx-python-library.readthedocs.io/).
View the documentation [here](https://cyclonedx-python-library.readthedocs.io/).

## Python Support

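Review bot: the added paragraph says `As of version \`3.0.0\``, while this PR is the 4.0.0 release work and the commit list shows the branch renamed from `dev/3.0.0` to `dev/4.0.0`; confirm which version actually ships the model change and state that one. Two grammar slips in the new text as well: `linking a VEX documents to a separate BOM document` should be `linking a VEX document to a separate BOM document`, and `why not checkout` should be `why not check out`.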
3 changes: 3 additions & 0 deletions cyclonedx/exception/__init__.py
@@ -21,4 +21,7 @@


class CycloneDxException(Exception):
"""
Root exception thrown by this library.
"""
pass
12 changes: 12 additions & 0 deletions cyclonedx/exception/factory.py
@@ -30,16 +30,28 @@ class CycloneDxFactoryException(CycloneDxException):


class LicenseChoiceFactoryException(CycloneDxFactoryException):
"""
Base exception that covers all LicenseChoiceFactory exceptions.
"""
pass


class InvalidSpdxLicenseException(LicenseChoiceFactoryException):
"""
Thrown when an invalid SPDX License is provided.
"""
pass


class LicenseFactoryException(CycloneDxFactoryException):
"""
Base exception that covers all LicenseFactory exceptions.
"""
pass


class InvalidLicenseExpressionException(LicenseFactoryException):
"""
Thrown when an invalid License expressions is provided.
"""
pass
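Review bot: `Thrown when an invalid License expressions is provided.` should read `Thrown when an invalid license expression is provided.` In all four classes the `pass` after the new docstring is redundant, since the docstring alone makes the class body valid; dropping it keeps each class to a single statement.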
7 changes: 7 additions & 0 deletions cyclonedx/exception/output.py
@@ -22,6 +22,13 @@
from . import CycloneDxException


class BomGenerationErrorException(CycloneDxException):
"""
Raised if there is an unknown error.
"""
pass


class FormatNotSupportedException(CycloneDxException):
"""
Exception raised when attempting to output a BOM to a format not supported in the requested version.
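Review bot: `Raised if there is an unknown error.` tells a caller nothing about when to expect `BomGenerationErrorException` or how to handle it. State the condition (for example, that BOM output failed for a reason not covered by a more specific subclass) and whether the underlying error is chained as the cause. The `pass` after the docstring is redundant here too.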
4 changes: 4 additions & 0 deletions cyclonedx/factory/__init__.py
@@ -14,3 +14,7 @@
#
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) OWASP Foundation. All Rights Reserved.

"""
Factories used in this library.
"""