diff --git a/postal/service.go b/postal/service.go index b89561b2..b93cd248 100644 --- a/postal/service.go +++ b/postal/service.go @@ -189,7 +189,11 @@ func (s Service) GenerateBillOfMaterials(dependencies ...Dependency) []packit.BO entry := packit.BOMEntry{ Name: dependency.Name, Metadata: map[string]interface{}{ - "sha256": dependency.SHA256, + "sha256": dependency.SHA256, + "source": map[string]string{ + "sha256": dependency.SourceSHA256, + "uri": dependency.Source, + }, "stacks": dependency.Stacks, "uri": dependency.URI, "version": dependency.Version, diff --git a/postal/service_test.go b/postal/service_test.go index 034c9658..b810e5a4 100644 --- a/postal/service_test.go +++ b/postal/service_test.go @@ -961,29 +961,35 @@ version = "this is super not semver" it("returns a list of BOMEntry values", func() { entries := service.GenerateBillOfMaterials( postal.Dependency{ - ID: "some-entry", - Name: "Some Entry", - SHA256: "some-sha", - Source: "some-source", - Stacks: []string{"some-stack"}, - URI: "some-uri", - Version: "1.2.3", + ID: "some-entry", + Name: "Some Entry", + SHA256: "some-sha", + Source: "some-source", + SourceSHA256: "some-source-sha", + Stacks: []string{"some-stack"}, + URI: "some-uri", + Version: "1.2.3", }, postal.Dependency{ - ID: "other-entry", - Name: "Other Entry", - SHA256: "other-sha", - Source: "other-source", - Stacks: []string{"other-stack"}, - URI: "other-uri", - Version: "4.5.6", + ID: "other-entry", + Name: "Other Entry", + SHA256: "other-sha", + Source: "other-source", + SourceSHA256: "other-source-sha", + Stacks: []string{"other-stack"}, + URI: "other-uri", + Version: "4.5.6", }, ) Expect(entries).To(Equal([]packit.BOMEntry{ { Name: "Some Entry", Metadata: map[string]interface{}{ - "sha256": "some-sha", + "sha256": "some-sha", + "source": map[string]string{ + "sha256": "some-source-sha", + "uri": "some-source", + }, "stacks": []string{"some-stack"}, "uri": "some-uri", "version": "1.2.3", @@ -992,7 +998,11 @@ version = "this is super not semver" { Name: "Other Entry", Metadata: map[string]interface{}{ - "sha256": "other-sha", + "sha256": "other-sha", + "source": map[string]string{ + "sha256": "other-source-sha", + "uri": "other-source", + }, "stacks": []string{"other-stack"}, "uri": "other-uri", "version": "4.5.6", @@ -1005,14 +1015,15 @@ version = "this is super not semver" it("generates a BOM with the CPE", func() { entries := service.GenerateBillOfMaterials( postal.Dependency{ - CPE: "some-cpe", - ID: "some-entry", - Name: "Some Entry", - SHA256: "some-sha", - Source: "some-source", - Stacks: []string{"some-stack"}, - URI: "some-uri", - Version: "1.2.3", + CPE: "some-cpe", + ID: "some-entry", + Name: "Some Entry", + SHA256: "some-sha", + Source: "some-source", + SourceSHA256: "some-source-sha", + Stacks: []string{"some-stack"}, + URI: "some-uri", + Version: "1.2.3", }, ) @@ -1020,8 +1031,12 @@ version = "this is super not semver" { Name: "Some Entry", Metadata: map[string]interface{}{ - "cpe": "some-cpe", - "sha256": "some-sha", + "cpe": "some-cpe", + "sha256": "some-sha", + "source": map[string]string{ + "sha256": "some-source-sha", + "uri": "some-source", + }, "stacks": []string{"some-stack"}, "uri": "some-uri", "version": "1.2.3", @@ -1048,6 +1063,7 @@ version = "this is super not semver" Name: "Some Entry", SHA256: "some-sha", Source: "some-source", + SourceSHA256: "some-source-sha", Stacks: []string{"some-stack"}, URI: "some-uri", Version: "1.2.3", @@ -1060,9 +1076,13 @@ version = "this is super not semver" Metadata: map[string]interface{}{ "deprecation-date": deprecationDate, "sha256": "some-sha", - "stacks": []string{"some-stack"}, - "uri": "some-uri", - "version": "1.2.3", + "source": map[string]string{ + "sha256": "some-source-sha", + "uri": "some-source", + }, + "stacks": []string{"some-stack"}, + "uri": "some-uri", + "version": "1.2.3", }, }, })) @@ -1073,14 +1093,15 @@ version = "this is super not semver" it("generates a BOM with the license information", func() { entries := service.GenerateBillOfMaterials( postal.Dependency{ - ID: "some-entry", - Licenses: []string{"some-license"}, - Name: "Some Entry", - SHA256: "some-sha", - Source: "some-source", - Stacks: []string{"some-stack"}, - URI: "some-uri", - Version: "1.2.3", + ID: "some-entry", + Licenses: []string{"some-license"}, + Name: "Some Entry", + SHA256: "some-sha", + Source: "some-source", + SourceSHA256: "some-source-sha", + Stacks: []string{"some-stack"}, + URI: "some-uri", + Version: "1.2.3", }, ) @@ -1090,9 +1111,13 @@ version = "this is super not semver" Metadata: map[string]interface{}{ "licenses": []string{"some-license"}, "sha256": "some-sha", - "stacks": []string{"some-stack"}, - "uri": "some-uri", - "version": "1.2.3", + "source": map[string]string{ + "sha256": "some-source-sha", + "uri": "some-source", + }, + "stacks": []string{"some-stack"}, + "uri": "some-uri", + "version": "1.2.3", }, }, })) @@ -1103,14 +1128,15 @@ version = "this is super not semver" it("generates a BOM with the pURL", func() { entries := service.GenerateBillOfMaterials( postal.Dependency{ - ID: "some-entry", - Name: "Some Entry", - PURL: "some-purl", - SHA256: "some-sha", - Source: "some-source", - Stacks: []string{"some-stack"}, - URI: "some-uri", - Version: "1.2.3", + ID: "some-entry", + Name: "Some Entry", + PURL: "some-purl", + SHA256: "some-sha", + Source: "some-source", + SourceSHA256: "some-source-sha", + Stacks: []string{"some-stack"}, + URI: "some-uri", + Version: "1.2.3", }, ) @@ -1118,8 +1144,12 @@ version = "this is super not semver" { Name: "Some Entry", Metadata: map[string]interface{}{ - "purl": "some-purl", - "sha256": "some-sha", + "purl": "some-purl", + "sha256": "some-sha", + "source": map[string]string{ + "sha256": "some-source-sha", + "uri": "some-source", + }, "stacks": []string{"some-stack"}, "uri": "some-uri", "version": "1.2.3",