Merge pull request #283 from CycloneDX/tool-goal
add effective goal into BOM tool name
hboutemy authored Feb 15, 2023
2 parents 1039975 + 6132313 commit d383c50
Showing 7 changed files with 43 additions and 31 deletions.
18 changes: 11 additions & 7 deletions src/it/makeAggregateBom/verify.groovy
@@ -1,17 +1,21 @@
void assertBomFiles(String path) {
void assertBomFiles(String path, boolean aggregate) {
File bomFileXml = new File(basedir, path + ".xml")
File bomFileJson = new File(basedir, path + ".json")

assert bomFileXml.exists()
assert bomFileJson.exists()

String analysis = aggregate ? "makeAggregateBom" : "makeBom"
assert bomFileXml.text.contains('<name>CycloneDX Maven plugin ' + analysis + '</name>')
assert bomFileJson.text.contains('"name" : "CycloneDX Maven plugin ' + analysis + '"')
}

assertBomFiles("target/bom") // aggregate
assertBomFiles("api/target/bom")
assertBomFiles("util/target/bom")
assertBomFiles("impls/target/bom")
assertBomFiles("impls/impl-A/target/bom")
assertBomFiles("impls/impl-B/target/bom")
assertBomFiles("target/bom", true) // aggregate
assertBomFiles("api/target/bom", false)
assertBomFiles("util/target/bom", false)
assertBomFiles("impls/target/bom", false)
assertBomFiles("impls/impl-A/target/bom", false)
assertBomFiles("impls/impl-B/target/bom", false)

var buildLog = new File(basedir, "build.log").text

19 changes: 14 additions & 5 deletions src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
Expand Up @@ -246,7 +246,15 @@ protected Component convert(Artifact artifact) {
return modelConverter.convert(artifact, schemaVersion(), includeLicenseText);
}

protected abstract boolean analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException;
/**
* Analyze the project dependencies to fill the BOM components list and their dependencies.
*
* @param components the components set to fill
* @param dependencies the dependencies set to fill
* @return the name of the analysis done to store as a BOM, or {@code null} to not save result.
* @throws MojoExecutionException something weird happened...
*/
protected abstract String analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException;

public void execute() throws MojoExecutionException {
final boolean shouldSkip = Boolean.parseBoolean(System.getProperty("cyclonedx.skip", Boolean.toString(skip)));
Expand All @@ -259,20 +267,21 @@ public void execute() throws MojoExecutionException {
final Set<Component> components = new LinkedHashSet<>();
final Set<Dependency> dependencies = new LinkedHashSet<>();

if (analyze(components, dependencies)) {
generateBom(components, dependencies);
String analysis = analyze(components, dependencies);
if (analysis != null) {
generateBom(analysis, components, dependencies);
}
}

private void generateBom(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
private void generateBom(String analysis, Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
try {
getLog().info(MESSAGE_CREATING_BOM);
final Bom bom = new Bom();
if (schemaVersion().getVersion() >= 1.1 && includeBomSerialNumber) {
bom.setSerialNumber("urn:uuid:" + UUID.randomUUID());
}
if (schemaVersion().getVersion() >= 1.2) {
final Metadata metadata = modelConverter.convert(project, projectType, schemaVersion(), includeLicenseText);
final Metadata metadata = modelConverter.convert(project, analysis, projectType, schemaVersion(), includeLicenseText);
bom.setMetadata(metadata);
}
bom.setComponents(new ArrayList<>(components));
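Review bot: The new `analyze` contract returns a free-form string that is both the save/skip flag (`null`) and the text written into the BOM's tool name, and nothing in `execute()` rejects an empty or blank value, which would leave a trailing space in that name. The three overrides in this commit return hand-typed literals (`"makeBom"`, `"makeAggregateBom"`, `"makePackageBom"`); shared constants in this base class would keep them from drifting from the goal names, which are presumably declared on each mojo outside the visible lines. The Javadoc line `@throws MojoExecutionException something weird happened...` tells a subclass author nothing; `@throws MojoExecutionException if the analysis cannot be completed` would be clearer. `execute()` and `generateBom()` both continue outside the hunks shown.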
11 changes: 6 additions & 5 deletions src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java
Expand Up @@ -26,6 +26,7 @@
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.apache.maven.project.MavenProject;
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis;
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzerException;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.Dependency;

Expand Down Expand Up @@ -105,14 +106,14 @@ protected void logAdditionalParameters() {
getLog().info("outputReactorProjects : " + outputReactorProjects);
}

protected boolean analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
protected String analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
if (! getProject().isExecutionRoot()) {
// non-root project: let parent class create a module-only BOM?
if (outputReactorProjects) {
return super.analyze(components, dependencies);
}
getLog().info("Skipping CycloneDX on non-execution root");
return false;
return null;
}

// root project: analyze and aggregate all the modules
Expand All @@ -131,8 +132,8 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
try {
ProjectDependencyAnalysis dependencyAnalysis = dependencyAnalyzer.analyze(mavenProject);
dependencyAnalysisMap.put(mavenProject.getArtifactId(), dependencyAnalysis);
} catch (Exception e) {
getLog().debug(e);
} catch (ProjectDependencyAnalyzerException pdae) {
getLog().debug("Could not analyze " + mavenProject.getId(), pdae); // TODO should warn...
}
}

Expand Down Expand Up @@ -192,7 +193,7 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
}
}
addMavenProjectsAsDependencies(reactorProjects, dependencies);
return true;
return "makeAggregateBom";
}

private void addMavenProjectsAsDependencies(List<MavenProject> reactorProjects, Set<Dependency> dependencies) {
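Review bot: In the catch block inside the reactor loop of `analyze`, a failed dependency analysis for a module is still logged only at debug level, so a default build produces the aggregate BOM with no visible sign that one module's analysis result is missing. The new code's own TODO acknowledges this, and the fix is one line: `getLog().warn("Could not analyze " + mavenProject.getId(), pdae);`. Narrowing the catch from `Exception` to `ProjectDependencyAnalyzerException` also means unchecked exceptions from the analyzer now propagate and fail the build instead of being swallowed, which looks intended but is worth stating in the commit message. The loop and the rest of `analyze` lie outside the visible hunks.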
15 changes: 6 additions & 9 deletions src/main/java/org/cyclonedx/maven/CycloneDxMojo.java
Expand Up @@ -27,6 +27,7 @@
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis;
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzer;
import org.codehaus.plexus.PlexusContainer;
import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.Dependency;
import java.util.LinkedHashSet;
Expand Down Expand Up @@ -69,18 +70,14 @@ public class CycloneDxMojo extends BaseCycloneDxMojo {
* @throws MojoExecutionException in case of an error.
*/
protected ProjectDependencyAnalyzer createProjectDependencyAnalyzer() throws MojoExecutionException {
final String role = ProjectDependencyAnalyzer.class.getName();
final String roleHint = analyzer;
try {
return (ProjectDependencyAnalyzer) plexusContainer.lookup(role, roleHint);
}
catch (Exception exception) {
throw new MojoExecutionException("Failed to instantiate ProjectDependencyAnalyser with role " + role
+ " / role-hint " + roleHint, exception);
return (ProjectDependencyAnalyzer) plexusContainer.lookup(ProjectDependencyAnalyzer.class, analyzer);
} catch (ComponentLookupException cle) {
throw new MojoExecutionException("Failed to instantiate ProjectDependencyAnalyser with role-hint " + analyzer, cle);
}
}

protected boolean analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
protected String analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
final Set<String> componentRefs = new LinkedHashSet<>();
// Use default dependency analyzer
dependencyAnalyzer = createProjectDependencyAnalyzer();
Expand Down Expand Up @@ -111,7 +108,7 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
if (schemaVersion().getVersion() >= 1.2) {
dependencies.addAll(buildDependencyGraph(null));
}
return true;
return "makeBom";
}

/**
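Review bot: In `createProjectDependencyAnalyzer`, the cast on `plexusContainer.lookup(ProjectDependencyAnalyzer.class, analyzer)` is redundant, because the class-typed `lookup` overload is generic and already returns the requested type: `return plexusContainer.lookup(ProjectDependencyAnalyzer.class, analyzer);`. The exception message spells the type `ProjectDependencyAnalyser` while the class is `ProjectDependencyAnalyzer`, so a search for the class name in build logs will miss it. The message would also be easier to act on if it said that `analyzer` is the configured role-hint, since a mistyped value is the likely cause of a lookup failure.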
4 changes: 2 additions & 2 deletions src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java
Expand Up @@ -56,7 +56,7 @@ protected boolean shouldInclude(MavenProject mavenProject) {
return Arrays.asList(new String[]{"war", "ear"}).contains(mavenProject.getPackaging());
}

protected boolean analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
protected String analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
final Set<String> componentRefs = new LinkedHashSet<>();
getLog().info(MESSAGE_RESOLVING_DEPS);

Expand All @@ -77,6 +77,6 @@ protected boolean analyze(Set<Component> components, Set<Dependency> dependencie
dependencies.addAll(buildDependencyGraph(mavenProject));
}
}
return true;
return "makePackageBom";
}
}
4 changes: 2 additions & 2 deletions src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
Expand Up @@ -315,11 +315,11 @@ else if (licenseChoiceToResolve.getExpression() != null && CycloneDxSchema.Versi
return false;
}

public Metadata convert(final MavenProject project, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText) {
public Metadata convert(final MavenProject project, String analysis, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText) {
final Tool tool = new Tool();
final Properties properties = readPluginProperties();
tool.setVendor(properties.getProperty("vendor"));
tool.setName(properties.getProperty("name"));
tool.setName(properties.getProperty("name") + ' ' + analysis);
tool.setVersion(properties.getProperty("version"));
// Attempt to add hash values from the current mojo
final Artifact self = new DefaultArtifact(properties.getProperty("groupId"), properties.getProperty("artifactId"),
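Review bot: `tool.setName(properties.getProperty("name") + ' ' + analysis)` turns a missing value into the literal text `null`: if the `name` property is absent the BOM's tool name becomes `null makeBom`, where the old code would have set a null name, and a null `analysis` yields a name ending in ` null`. The only caller visible in this commit (`generateBom`) checks `analysis != null`, but `convert` is a public method of the `ModelConverter` interface, so a guard at the top is cheap: `Objects.requireNonNull(analysis, "analysis");` (with `java.util.Objects` imported if the file does not already have it). Any consumer that matches the tool name exactly against the previous value will stop matching after this change, which deserves a release note. The body of `convert` continues outside the hunk.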
3 changes: 2 additions & 1 deletion src/main/java/org/cyclonedx/maven/ModelConverter.java
Expand Up @@ -48,10 +48,11 @@ public interface ModelConverter {
* Converts a MavenProject into a Metadata object.
*
* @param project the MavenProject to convert
* @param analysis type of analysis
* @param projectType the target CycloneDX component type
* @param schemaVersion the target CycloneDX schema version
* @param includeLicenseText should license text be included in bom?
* @return a CycloneDX Metadata object
*/
Metadata convert(MavenProject project, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText);
Metadata convert(MavenProject project, String analysis, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText);
}
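Review bot: The new `@param analysis type of analysis` does not say what the value is used for or which values are expected. Judging by the implementation in this commit, it is the goal name appended to the tool name in the BOM metadata, so something like `@param analysis the effective goal name (e.g. makeBom), appended to the tool name in the BOM metadata` would document it. `analysis` and `projectType` are now two adjacent `String` parameters, so swapped arguments at a call site compile cleanly. Adding a parameter to this interface method also breaks any implementation outside this repository, if the interface is meant as an extension point.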
