Merge pull request #105 from siemens/development
Merge Release v5.1.0 -SBOM Conan
MadanReddyK authored Nov 10, 2023
2 parents 07ac9f3 + 8a31811 commit b6dbdc2
Showing 22 changed files with 970 additions and 40 deletions.
16 changes: 8 additions & 8 deletions .github/workflows/compile.yml
Expand Up @@ -94,7 +94,7 @@ jobs:
$sourceFolder = Join-Path $env:GITHUB_WORKSPACE "out" | Join-Path -ChildPath "*"
$outFolder = Join-Path $env:GITHUB_WORKSPACE "out" | Join-Path -ChildPath "continuous-clearing"
New-Item -ItemType Directory -Force -Path $outFolder
$fileName = "continuous-clearing-5.0.0.zip"
$fileName = "continuous-clearing-5.1.0.zip"
Write-Host "Filename: '$fileName'"
Write-Host "sourceFolder: '$sourceFolder'"
Write-Host "Outfolder: '$outFolder'"
Expand Down Expand Up @@ -138,8 +138,8 @@ jobs:
- name: Create Nuget Packages
id: createNupkg
run: |
nuget pack CA.nuspec -Version 5.0.0
Write-Host "::set-output name=nupkg-LicenseClearingTool::continuous-clearing.5.0.0.nupkg"
nuget pack CA.nuspec -Version 5.1.0
Write-Host "::set-output name=nupkg-LicenseClearingTool::continuous-clearing.5.1.0.nupkg"
- name: Archive NuGet Packages
uses: actions/upload-artifact@v2
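Review bot: The `Write-Host "::set-output name=nupkg-LicenseClearingTool::continuous-clearing.5.1.0.nupkg"` line in the `createNupkg` step still uses the `::set-output` workflow command, which GitHub has deprecated. Since the line is being edited for the version bump anyway, write the output by appending `nupkg-LicenseClearingTool=continuous-clearing.5.1.0.nupkg` to the file named by `$env:GITHUB_OUTPUT` instead; the `docker-LicenseClearingTool` output in the `builddocker` step needs the same change. The `actions/upload-artifact@v2` reference in the following step is an old major version and is worth raising in the same pass.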
Expand All @@ -152,9 +152,9 @@ jobs:
id: builddocker
#if: ${{ false }} # disable for now
run: |
docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v5.0.0
docker save ${{ github.repository }}:continuous-clearing-v5.0.0 -o continuous-clearing-v5.0.0.tar
Write-Host "::set-output name=docker-LicenseClearingTool::continuous-clearing-v5.0.0.tar"
docker build . --file Dockerfile --tag ${{ github.repository }}:continuous-clearing-v5.1.0
docker save ${{ github.repository }}:continuous-clearing-v5.1.0 -o continuous-clearing-v5.1.0.tar
Write-Host "::set-output name=docker-LicenseClearingTool::continuous-clearing-v5.1.0.tar"
- name: Archive docker image
#if: ${{ false }} # disable for now
Expand Down Expand Up @@ -195,9 +195,9 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: v5.0.0
tag_name: v5.1.0
#tag_name: ${{ needs.build.outputs.semver }}
release_name: Release v5.0.0
release_name: Release v5.1.0
body: |
${{ github.event.head_commit.message }}
draft: true
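Review bot: `tag_name: v5.1.0` and `release_name: Release v5.1.0` are edited by hand while the commented-out `#tag_name: ${{ needs.build.outputs.semver }}` sits directly below them, and the same version literal is repeated in the zip file name, the `nuget pack -Version` argument, the Docker tag and `CA.nuspec`. A missed occurrence on the next bump would publish artifacts whose names disagree with the release tag. Suggest defining the version once (a workflow-level `env` value or the `semver` job output) and referencing it in every step.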
4 changes: 2 additions & 2 deletions CA.nuspec
Expand Up @@ -4,7 +4,7 @@
<package >
<metadata>
<id>continuous-clearing</id>
<version>5.0.0</version>
<version>5.1.0</version>
<authors>Siemens AG</authors>
<owners>continuous-clearing contributors</owners>
<projectUrl>https://github.com/siemens/continuous-clearing</projectUrl>
Expand All @@ -13,7 +13,7 @@
<requireLicenseAcceptance>false</requireLicenseAcceptance>
<description>
The License clearing tool helps the Project Manager/Developer, to reduce the manual effort and enable the faster license clearing process,
by automatically identifying the third party oss components used in their project(i.e., npm, nuget, maven,python and Debian type) and it creates them in the sw360 and fossology
by automatically identifying the third party oss components used in their project(i.e., npm, nuget, maven, python, conan and Debian type) and it creates them in the sw360 and fossology
for clearing license
</description>
<releaseNotes></releaseNotes>
2 changes: 1 addition & 1 deletion ReadmeOSS_continuous-clearing_DockerImage.html
Expand Up @@ -77,7 +77,7 @@
</title>
</head>
<body>
<h1>Clearing Automation Docker Image V5.0.0</h1>
<h1>Clearing Automation Docker Image V5.1.0</h1>
<h2>Open Source Software</h2>
English / English
<br>
2 changes: 1 addition & 1 deletion ReadmeOSS_continuous-clearing_nupkg.html
Expand Up @@ -77,7 +77,7 @@
</title>
</head>
<body>
<h1>continuous-clearing V5.0.0</h1>
<h1>continuous-clearing V5.1.0</h1>
<h2>Open Source Software</h2>
English / English
<br>
36 changes: 27 additions & 9 deletions doc/UsageDoc/CA_UsageDocument.md
Expand Up @@ -46,20 +46,21 @@
<!--te-->
# Introduction

The Continuous Clearing Tool helps the Project Manager/Developer to automate the sw360 clearing process of 3rd party components. This tool scans and identifies the third-party components used in a NPM, NUGET, MAVEN,PYTHON and Debian projects and makes an entry in SW360, if it is not present. Continuous Clearing Tool links the components to the respective project and creates job for code scan in FOSSology.The output is an SBOM file which has a nested description of software artifact components and metadata.
The Continuous Clearing Tool helps the Project Manager/Developer to automate the sw360 clearing process of 3rd party components. This tool scans and identifies the third-party components used in a NPM, NUGET, MAVEN, PYTHON, CONAN and Debian projects and makes an entry in SW360, if it is not present. Continuous Clearing Tool links the components to the respective project and creates job for code scan in FOSSology.The output is an SBOM file which has a nested description of software artifact components and metadata.

Continuous Clearing Tool reduces the effort in creating components in SW360 and identifying the matching source codes from the public repository. Tool eliminates the manual error while creating component and identifying correct version of source code from public repository. Continuous Clearing Tool harmonize the creation of 3P components in SW360 by filling necessary information.

# Continuous Clearing Tool workflow diagram

- Package Identifier
- [NPM/NUGET/MAVEN/PYTHON](../usagedocimg/packageIdentifiernpmnuget.PNG)

- [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/packageIdentifiernpmnuget.PNG)
- [Debian](../usagedocimg/packageIdentifierdebian.PNG)
- SW360 Package Creator
- [NPM/NUGET/MAVEN/PYTHON](../usagedocimg/packageCreatirnpmnuget.PNG)
- [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/packageCreatirnpmnuget.PNG)
- [Debian](../usagedocimg/packagecreatordebian.PNG)
- Artifactory Uploader
- [NPM/NUGET/MAVEN/PYTHON](../usagedocimg/artifactoryuploader.PNG)
- [NPM/NUGET/MAVEN/PYTHON/CONAN](../usagedocimg/artifactoryuploader.PNG)

# Prerequisite
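Review bot: The workflow-diagram list now labels the SW360 Package Creator and Artifactory Uploader entries as `NPM/NUGET/MAVEN/PYTHON/CONAN`, but the note added further down in this document says Conan support is currently limited to SBOM discovery and classification, with component creation and source code identification not supported. Suggest keeping CONAN on the Package Identifier entry only, or marking it as not yet supported on the other two, so readers do not expect Conan components to be created in SW360. The link targets (`packageCreatirnpmnuget.PNG`, `artifactoryuploader.PNG`) are unchanged, so please also check that the diagrams match the new labels, and drop the blank line added after `- Package Identifier` if it was not intended.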

Expand Down Expand Up @@ -158,11 +159,18 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and

mvn clean install -DskipTests=true

- **Project Type :** **Python**
- **Project Type :** **Python**

* Input file repository should contain **poetry.lock** file.
- **Project Type :** **Debian**
- **Project Type :** **Conan**

* Input file repository should contain **conan.lock** file.
`Note : Conan package support in clearing tool is currently only for SBOM discovery and classification.Component Creation and Source code identification is not supported currently`

- **Project Type :** **Debian**
**Note** : below steps is required only if you have `tar` file to process , otherwise you can keep `CycloneDx.json` file in the InputDirectory.
* Create `InputImage` directory for keeping `tar` images and `InputDirectory` for resulted file storing .
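Review bot: The Conan note is wrapped in backticks as inline code and is missing a space after `classification.`, while the Debian note directly below it uses `**Note** :`. Suggest formatting it the same way as the Debian note and splitting it into two sentences, since it carries the limitation that component creation and source code identification are not supported for Conan and should be easy to spot.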
Expand Down Expand Up @@ -260,11 +268,21 @@ Continuous Clearing Tool reduces the effort in creating components in SW360 and
"Include": [ "poetry.lock", "*.cdx.json" ],
"Exclude": [],
"JfrogPythonRepoList": [
<Python Remote Cache Repo Name>, //This is a mirror repo for pypi in JFrog
"<Python Release Repo Name>" //This should be the release pypi in JFrog
"<Python Remote Cache Repo Name>",
"<Python Release Repo Name>",//This should be the release repo in JFrog
],
"ExcludedComponents": []
},
"Conan": {
"Include": [ "conan.lock"],
"Exclude": [],
"JfrogConanRepoList": [
"<Conan Remote Cache Repo Name>",
"<Conan Release Repo Name>",
],
"ExcludedComponents": []
}
}
```
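Review bot: In the `JfrogPythonRepoList` and the new `JfrogConanRepoList` samples the last array element is followed by a comma (`"<Conan Release Repo Name>",` directly before `],`), which a strict JSON parser rejects and which differs from the `appSettings.json` added in this same commit, where the last entry has no trailing comma. Suggest dropping the trailing commas so that a copy-pasted sample loads, and keeping the `//This is a mirror repo for ... in JFrog` comment on the remote cache entries as `appSettings.json` does, since it tells users which repository name goes in which position.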

1 change: 1 addition & 0 deletions src/LCT.APICommunications/ApiConstant.cs
Expand Up @@ -29,6 +29,7 @@ public static class ApiConstant
public const string ComponentNameUrl = "?name=";
public const string NPMExternalID = "pkg:npm/";
public const string NugetExternalID = "pkg:nuget/";
public const string ConanExternalID = "pkg:conan/";
public const string NpmExtension = ".tgz";
public const string NugetExtension = ".nupkg";
public const string MavenExtension = "-sources.jar";
1 change: 1 addition & 0 deletions src/LCT.Common/CommonAppSettings.cs
Expand Up @@ -65,6 +65,7 @@ public CommonAppSettings(IFolderAction iFolderAction)
public Config Maven { get; set; }
public Config Debian { get; set; }
public Config Python { get; set; }
public Config Conan { get; set; }
public string CaVersion { get; set; }
public string CycloneDxSBomTemplatePath { get; set; }
public string[] InternalRepoList { get; set; }
14 changes: 14 additions & 0 deletions src/LCT.Common/CommonHelper.cs
Expand Up @@ -5,6 +5,7 @@
// --------------------------------------------------------------------------------------------------------------------

using CycloneDX.Models;
using LCT.Common.Constants;
using LCT.Common.Model;
using log4net;
using log4net.Core;
Expand Down Expand Up @@ -228,5 +229,18 @@ public static bool ComponentPropertyCheck(Component component, string constant)
}
return component.Properties.Exists(x => x.Name == constant);
}

public static void GetDetailsforManuallyAdded(List<Component> componentsForBOM, List<Component> listComponentForBOM)
{
foreach (var component in componentsForBOM)
{
component.Properties = new List<Property>();
Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" };
Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = Dataconstant.ManullayAdded };
component.Properties.Add(isDev);
component.Properties.Add(identifierType);
listComponentForBOM.Add(component);
}
}
}
}
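Review bot: In `GetDetailsforManuallyAdded`, `component.Properties = new List<Property>();` unconditionally replaces whatever properties the component already carries, so anything set on a manually added component in the input SBOM is silently lost before it is appended to `listComponentForBOM`. Suggest initialising the list only when it is null (`component.Properties ??= new List<Property>();`) and adding the two properties only if they are not already present, in line with `ComponentPropertyCheck` above, which reads existing properties. The method also has no null check on `componentsForBOM`, and a `Get...` name does not fit a `void` method that mutates its arguments; a name such as `AddManuallyAddedProperties` with an XML doc comment would read better.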
1 change: 1 addition & 0 deletions src/LCT.Common/Constants/Dataconstant.cs
Expand Up @@ -22,6 +22,7 @@ public static class Dataconstant
{"DEBIAN", "pkg:deb/debian"},
{"MAVEN", "pkg:maven"},
{"PYTHON", "pkg:pypi"},
{"CONAN", "pkg:conan"},
};

//Identified types
4 changes: 2 additions & 2 deletions src/LCT.Common/CycloneDXBomParser.cs
Expand Up @@ -72,8 +72,8 @@ public static Bom ExtractSBOMDetailsFromTemplate(Bom template)
}

//Taking SBOM Template Metadata
bom.Metadata = template?.Metadata;
bom.Dependencies = template?.Dependencies;
bom.Metadata = template.Metadata;
bom.Dependencies = template.Dependencies;
return bom;
}
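Review bot: Dropping the null-conditional on `template.Metadata` and `template.Dependencies` means `ExtractSBOMDetailsFromTemplate` now throws a `NullReferenceException` if `template` is null at this point. The visible context does not show a null guard, so please confirm that the block above returns early for a null template and say so in the change description, or keep `template?.Metadata` and `template?.Dependencies`.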

1 change: 1 addition & 0 deletions src/LCT.Common/Model/Config.cs
Expand Up @@ -22,6 +22,7 @@ public class Config
public string[] JfrogNugetRepoList { get; set; }
public string[] JfrogMavenRepoList { get; set; }
public string[] JfrogPythonRepoList { get; set; }
public string[] JfrogConanRepoList { get; set; }
public string[] DevDependentScopeList { get; set; }

}
9 changes: 9 additions & 0 deletions src/LCT.Common/appSettings.json
Expand Up @@ -75,5 +75,14 @@
"<Python Release Repo Name>" //This should be the release pypi in JFrog
],
"ExcludedComponents": []
},
"Conan": {
"Include": [ "conan.lock" ],
"Exclude": [],
"JfrogConanRepoList": [
"<Conan Remote Cache Repo Name>", //This is a mirror repo for conan in JFrog
"<Conan Release Repo Name>" //This should be the release repo in JFrog
],
"ExcludedComponents": []
}
}