add dependencies #296

Merged
merged 9 commits into from
May 6, 2022

@kabo kabo commented May 4, 2022

Closes #61

#244 seems to have stalled...

This should be enough to add dependencies though?

If someone could please direct me to some docs on how to generate new test snapshots I could do that as well.

Signed-off-by: Calle Kabo <calle@kabo.nu>
@kabo kabo requested a review from a team as a code owner May 4, 2022 11:09

jkowalleck commented May 5, 2022

@kabo

> If someone could please direct me to some docs on how to generate new test snapshots I could do that as well.

just run the tests as described here: https://github.com/CycloneDX/cyclonedx-node-module/blob/master/CONTRIBUTING.md
jest will tell you how to generate new snapshots.

```
Snapshot Summary
 › 12 snapshots failed from 1 test suite. Inspect your code changes or run `npm run test:jest -- -u` to update them.

Test Suites: 1 failed, 5 passed, 6 total
Tests:       12 failed, 39 passed, 51 total
Snapshots:   12 failed, 6 passed, 18 total
Time:        2.987 s
Ran all test suites.
```

see https://github.com/CycloneDX/cyclonedx-node-module/runs/6302754636?check_suite_focus=true#step:8:1310

Signed-off-by: Calle Kabo <calle@kabo.nu>

@kabo please rebase on latest master

kabo and others added 4 commits May 6, 2022 09:21
Signed-off-by: Calle Kabo <calle@kabo.nu>
Signed-off-by: Calle Kabo <calle@kabo.nu>
Signed-off-by: Calle Kabo <calle@kabo.nu>
Signed-off-by: Calle Kabo <calle@kabo.nu>
Signed-off-by: Calle Kabo <calle@kabo.nu>

the dependency graph might look like an easy feature at first,
but the spec is more complex than it might look like.

it is totally understandable, that this feature needs some back and forth, and lots of reading of examples

here are some resources that helped implementing the feature in other tools


jkowalleck commented May 5, 2022

implementation looks promising.
will review the snapshots from integration tests soon,
to make sure that all results are valid to CycloneDX spec and valid according to JSON schema / XML xsd

@jkowalleck jkowalleck self-assigned this May 5, 2022
@jkowalleck jkowalleck self-requested a review May 5, 2022 23:16

jkowalleck commented May 5, 2022

@kabo could you add an entry to the HISTORY?
see https://github.com/CycloneDX/cyclonedx-node-module/blob/master/HISTORY.md

the format could look like this:

```markdown
# Changelog

All notable changes to this project will be documented in this file.

## unreleased

* Added
  * Dependency graph is built and emitted. ([#61] via [#296])

[#61]: https://github.com/CycloneDX/cyclonedx-node-module/issues/61
[#296]: https://github.com/CycloneDX/cyclonedx-node-module/pull/296

## 3.8.1 - 2022-05-05
```

Signed-off-by: Calle Kabo <calle@kabo.nu>

> implementation looks promising. will review the snapshots from integration tests soon, to make sure that all results are valid to CycloneDX spec and valid according to JSON schema / XML xsd

reviewed the snapshots. all looks good.
trees are complete from root to leaves.
one exception: the example where the package name is missing, then the purl is not generated and therefore the bomref is missing. this example is properly handled, and currently acceptable.

@jkowalleck jkowalleck removed their assignment May 6, 2022
@jkowalleck jkowalleck merged commit 31667e4 into CycloneDX:master May 6, 2022
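
The snapshot check described in the review above (every tree complete from root to leaves, with a component lacking a bom-ref as the accepted exception) can be automated. This is an added example, not code from the thread or from cyclonedx-node-module: `checkDependencyGraph` and the sample BOM are constructed for illustration, and a flat `components` list is assumed.

```javascript
// Constructed sample BOM in CycloneDX JSON shape; package names and versions are made up.
// The third component has no name, so no purl and no bom-ref (the case from the review).
const sampleBom = {
  bomFormat: 'CycloneDX',
  specVersion: '1.3',
  metadata: { component: { name: 'app', 'bom-ref': 'pkg:npm/app@1.0.0' } },
  components: [
    { name: 'a', 'bom-ref': 'pkg:npm/a@1.0.0' },
    { name: 'b', 'bom-ref': 'pkg:npm/b@2.0.0' },
    { version: '0.0.1' }
  ],
  dependencies: [
    { ref: 'pkg:npm/app@1.0.0', dependsOn: ['pkg:npm/a@1.0.0'] },
    { ref: 'pkg:npm/a@1.0.0', dependsOn: ['pkg:npm/b@2.0.0'] },
    { ref: 'pkg:npm/b@2.0.0', dependsOn: [] }
  ]
}

// Hypothetical helper: reports graph problems instead of throwing.
function checkDependencyGraph (bom) {
  const root = bom.metadata?.component?.['bom-ref']
  const components = bom.components || []
  const known = new Set(components.map(c => c['bom-ref']).filter(Boolean))
  if (root) known.add(root)

  const edges = new Map()
  const dangling = new Set()
  for (const dep of bom.dependencies || []) {
    edges.set(dep.ref, dep.dependsOn || [])
    for (const ref of [dep.ref, ...edges.get(dep.ref)]) {
      if (!known.has(ref)) dangling.add(ref) // ref names no declared component
    }
  }

  // Walk from the root; the visited set keeps dependency cycles from looping forever.
  const reached = new Set()
  const stack = root ? [root] : []
  while (stack.length > 0) {
    const ref = stack.pop()
    if (reached.has(ref)) continue
    reached.add(ref)
    stack.push(...(edges.get(ref) || []))
  }

  return {
    withoutBomRef: components.filter(c => !c['bom-ref']).length,
    dangling: [...dangling].sort(),
    unreachable: [...known].filter(ref => !reached.has(ref)).sort()
  }
}
```

A clean result has empty `dangling` and `unreachable` lists; `withoutBomRef` counts components that cannot take part in the graph at all.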

thank you for the feature, @kabo .
it was part of release 3.9

Successfully merging this pull request may close these issues.

Add support for dependency graph introduced in v1.2 of the spec