MAJOR: ESM Conversion for v9. (CycloneDX#363)

* Removed an old parse package json package Signed-off-by: Prabhu Subramanian <[email protected]> Update glob Signed-off-by: Prabhu Subramanian <[email protected]> Lib update Signed-off-by: Prabhu Subramanian <[email protected]> ESM conversion Signed-off-by: Prabhu Subramanian <[email protected]> Lint fixes Signed-off-by: Prabhu Subramanian <[email protected]> Lint fixes Signed-off-by: Prabhu Subramanian <[email protected]> Review comments Signed-off-by: Prabhu Subramanian <[email protected]> Only generate json or xml bom and not both Signed-off-by: Prabhu Subramanian <[email protected]> Improve pip install error info Signed-off-by: Prabhu Subramanian <[email protected]> Use json for dependency track submission Signed-off-by: Prabhu Subramanian <[email protected]> * 1.5 spec Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
AnsahMohammad · Jun 26, 2023 · 700cbd8 · 700cbd8
1 parent 7841cb5
commit 700cbd8
Show file tree

Hide file tree

Showing 30 changed files with 12,322 additions and 1,913 deletions.
diff --git a/.eslintrc.js → .eslintrc.cjs b/.eslintrc.js → .eslintrc.cjs
@@ -1,14 +1,14 @@
 module.exports = {
     "env": {
         "node": true,
-        "commonjs": true,
         "es2021": true
     },
     "extends": "eslint:recommended",
     "overrides": [
     ],
     "parserOptions": {
-        "ecmaVersion": "latest"
+        "ecmaVersion": "latest",
+        "sourceType": "module"
     },
     "rules": {
     }

diff --git a/.github/workflows/app-release.yml b/.github/workflows/app-release.yml
@@ -13,22 +13,7 @@ jobs:
     - name: Use Node.js
       uses: actions/setup-node@v3
       with:
-        node-version: 18.x
-    - name: Install ldid
-      uses: MOZGIII/install-ldid-action@v1
-      with:
-        tag: v2.1.5-procursus6
-    - name: Produce pkg - 18
-      run: |
-        sudo npm install -g pkg
-        npm install
-        pkg -t node18-alpine,node18-linux,node18-win,node18-mac,node18-mac-arm64 --no-bytecode --no-native-build --compress GZip --public package.json --out-path dist
-        chmod +x dist/cdxgen*
-        for f in `ls dist`; do sha256sum dist/$f > dist/$f.sha256 ; done
-    - name: Test pkg
-      run: |
-        ./dist/cdxgen-linux-x64 -v
-        ./dist/cdxgen-linux-x64 .
+        node-version: 20.x
     - name: Install dependencies
       run: |
         sudo apt-get install -y python3.8 python3.8-dev python3-pip python3-testresources python3-setuptools patchelf desktop-file-utils libgdk-pixbuf2.0-dev
@@ -43,9 +28,9 @@ jobs:
         appimage-builder --recipe appimage-builder.yml --skip-test
       env:
         UPDATE_INFO: gh-releases-zsync|cyclonedx|cdxgen|latest|*x86_64.AppImage.zsync
-    - name: Zip pkg - lts
+    - name: Zip app image
       run: |
-        zip --junk-paths -r cdxgen-dist.zip dist cdxgen-latest-x86_64.AppImage
+        zip --junk-paths -r cdxgen-dist.zip cdxgen-latest-x86_64.AppImage
     - name: Release
       uses: softprops/action-gh-release@v1
       if: startsWith(github.ref, 'refs/tags/')

diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml
@@ -23,6 +23,10 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
       - name: npm install, build and test
         run: |
           npm install
@@ -41,35 +45,27 @@ jobs:
           wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
           mv cyclonedx-linux-x64 cyclonedx
           chmod +x cyclonedx
-          bin/cdxgen phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd -p -o bomresults/bom-phpmyadmin.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-phpmyadmin.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-phpmyadmin.xml --input-format xml --input-version v1_4
-          bin/cdxgen shiftleft/scan-slim -o bomresults/bom-scanslim.json -p -t docker
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanslim.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanslim.xml --input-format xml --input-version v1_4
-          bin/cdxgen redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -p -o bomresults/bom-redmine.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-redmine.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-redmine.xml --input-format xml --input-version v1_4
-          bin/cdxgen rocket.chat@sha256:379f7afa0e67497c363ac9a9b3e7e6a6d31deee228233307c987e4a0c68b28e6 -p -o bomresults/bom-rocket.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-rocket.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-rocket.xml --input-format xml --input-version v1_4
-          bin/cdxgen sonarqube@sha256:7c0edcb99c964984db6d24330db33bb12de1e8ae0d5974d77640b1efea1483d1 -p -o bomresults/bom-sonar.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-sonar.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-sonar.xml --input-format xml --input-version v1_4
-          bin/cdxgen zookeeper@sha256:5bf00616677db5ef57d8a2da7c5dadf67f1a6be54b0c33a79be3332c9c80aeb6 -p -o bomresults/bom-zoo.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-zoo.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-zoo.xml --input-format xml --input-version v1_4
+          pip install -r contrib/requirements.txt
+          bin/cdxgen.js phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd -p -o bomresults/bom-phpmyadmin.json
+          python contrib/bom-validate.py --json bomresults/bom-phpmyadmin.json
+          bin/cdxgen.js shiftleft/scan-slim -o bomresults/bom-scanslim.json -p -t docker
+          python contrib/bom-validate.py --json bomresults/bom-scanslim.json
+          bin/cdxgen.js redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -p -o bomresults/bom-redmine.json
+          python contrib/bom-validate.py --json bomresults/bom-redmine.json
+          bin/cdxgen.js rocket.chat@sha256:379f7afa0e67497c363ac9a9b3e7e6a6d31deee228233307c987e4a0c68b28e6 -p -o bomresults/bom-rocket.json
+          python contrib/bom-validate.py --json bomresults/bom-rocket.json
+          bin/cdxgen.js sonarqube@sha256:7c0edcb99c964984db6d24330db33bb12de1e8ae0d5974d77640b1efea1483d1 -p -o bomresults/bom-sonar.json
+          python contrib/bom-validate.py --json bomresults/bom-sonar.json
+          bin/cdxgen.js zookeeper@sha256:5bf00616677db5ef57d8a2da7c5dadf67f1a6be54b0c33a79be3332c9c80aeb6 -p -o bomresults/bom-zoo.json
+          python contrib/bom-validate.py --json bomresults/bom-zoo.json
           docker pull shiftleft/scan-slim:latest
           docker save -o /tmp/scanslim.tar shiftleft/scan-slim:latest
-          bin/cdxgen /tmp/scanslim.tar -o bomresults/bom-scanarch.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanarch.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scanarch.xml --input-format xml --input-version v1_4
-          bin/cdxgen -t docker-compose test/data -o bomresults/bom-dc.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-dc.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-dc.xml --input-format xml --input-version v1_4
-          bin/cdxgen -t operator repotests/grafana-operator -o bomresults/bom-op.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-op.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-op.xml --input-format xml --input-version v1_4
+          bin/cdxgen.js /tmp/scanslim.tar -o bomresults/bom-scanarch.json
+          python contrib/bom-validate.py --json bomresults/bom-scanarch.json
+          bin/cdxgen.js -t docker-compose test/data -o bomresults/bom-dc.json
+          python contrib/bom-validate.py --json bomresults/bom-dc.json
+          bin/cdxgen.js -t operator repotests/grafana-operator -o bomresults/bom-op.json
+          python contrib/bom-validate.py --json bomresults/bom-op.json
           ls -ltr bomresults
       - uses: actions/upload-artifact@v1
         with:
@@ -89,6 +85,10 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
       - name: npm install, build and test
         run: |
           npm install
@@ -102,9 +102,9 @@ jobs:
           wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
           mv cyclonedx-linux-x64 cyclonedx
           chmod +x cyclonedx
-          bin/cdxgen -t os -o bomresults/bom-os.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-os.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-os.xml --input-format xml --input-version v1_4
+          pip install -r contrib/requirements.txt
+          bin/cdxgen.js -t os -o bomresults/bom-os.json
+          python contrib/bom-validate.py --json bomresults/bom-os.json
         env:
           CDXGEN_DEBUG_MODE: debug
       - uses: actions/upload-artifact@v1
@@ -125,6 +125,10 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
       - name: npm install, build
         run: |
           npm install
@@ -136,9 +140,9 @@ jobs:
       - name: wintests
         run: |
           Invoke-WebRequest -Uri https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-win-x64.exe -UseBasicParsing -OutFile cyclonedx.exe
-          node bin/cdxgen -t os -o bomresults/bom-win.json
-          .\cyclonedx.exe validate --fail-on-errors --input-file bomresults\\bom-win.json --input-format json --input-version v1_4
-          .\cyclonedx.exe validate --fail-on-errors --input-file bomresults\\bom-win.xml --input-format xml --input-version v1_4
+          node bin/cdxgen.js -t os -o bomresults/bom-win.json
+          python -m pip install -r contrib/requirements.txt
+          python contrib/bom-validate.py --json bomresults/bom-win.json
           dir bomresults
         env:
           CDXGEN_DEBUG_MODE: debug

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -5,8 +5,8 @@ on:
     branches:
       - master
       - feature/*
-      - release/*
-      - fix/*
+    tags:
+    - 'v*'
   workflow_dispatch:
 jobs:
   build:
@@ -30,25 +30,49 @@ jobs:
           npm test
         env:
           CI: true
-  pkg:
-    runs-on: ubuntu-latest
+  sae-builds:
+    strategy:
+      matrix:
+        os: [windows, macos, ubuntu]
+        include:
+          - os: windows
+            build: |
+              npx caxa --input . --output "cdxgen.exe" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js"
+              .\cdxgen.exe --verion
+              (Get-FileHash .\cdxgen.exe).hash | Out-File -FilePath .\cdxgen.exe.sha256
+            artifact: cdxgen.exe
+          - os: macos
+            build: |
+              npx caxa --input . --output "cdxgen.app" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js"
+              tar -czf "cdxgen.app.tgz" cdxgen.app
+              shasum -a 256 cdxgen.app.tgz > cdxgen.app.tgz.sha256
+            artifact: cdxgen.app.tgz
+          - os: ubuntu
+            build: |
+              npx caxa --input . --output "cdxgen" -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js"
+              chmod +x cdxgen
+              ./cdxgen --version
+              sha256sum cdxgen > cdxgen.sha256
+            artifact: cdxgen
+    runs-on: ${{ matrix.os }}-latest
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: 18.x
-      - name: Produce pkg - lts
+          node-version: 20.x
+      - name: Produce sae
         run: |
-          sudo npm install -g pkg
-          npm install
-          pkg -t node18-linux,node18-win,node18-mac package.json --out-path dist
-      - name: Test pkg
-        run: |
-          chmod +x dist/cdxgen*
-          ./dist/cdxgen-linux -v
-          ./dist/cdxgen-linux . -p
-      - uses: actions/upload-artifact@v1
+          npm ci
+          ${{ matrix.build }}
+      - uses: actions/upload-artifact@v2
+        with:
+          name: ${{ matrix.artifact }}
+          path: ${{ matrix.artifact }}
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: startsWith(github.ref, 'refs/tags/')
         with:
-          name: dist
-          path: dist
+          files: |
+            ${{ matrix.artifact }}
+            ${{ matrix.artifact }}.sha256
diff --git a/.github/workflows/python-atom-tests.yml b/.github/workflows/python-atom-tests.yml
@@ -61,48 +61,35 @@ jobs:
           wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.24.2/cyclonedx-linux-x64
           mv cyclonedx-linux-x64 cyclonedx
           chmod +x cyclonedx
-          bin/cdxgen -p -r -t python repotests/scipy -o bomresults/bom-scipy.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scipy.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scipy.xml --input-format xml --input-version v1_4
-          bin/cdxgen -p -r -t python repotests/black -o bomresults/bom-black.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-black.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-black.xml --input-format xml --input-version v1_4
-          bin/cdxgen -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-pyperf.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-pyperf.xml --input-format xml --input-version v1_4
-          bin/cdxgen -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-cachecontrol.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-cachecontrol.xml --input-format xml --input-version v1_4
-          bin/cdxgen -p -r -t python repotests/flask -o bomresults/bom-flask.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-flask.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-flask.xml --input-format xml --input-version v1_4
-          bin/cdxgen -p -r -t python repotests/click -o bomresults/bom-click.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-click.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-click.xml --input-format xml --input-version v1_4
-          bin/cdxgen -p -r -t python repotests/jinja -o bomresults/bom-jinja.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-jinja.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-jinja.xml --input-format xml --input-version v1_4
+          pip install -r contrib/requirements.txt
+          bin/cdxgen.js -p -r -t python repotests/scipy -o bomresults/bom-scipy.json
+          python contrib/bom-validate.py --json bomresults/bom-scipy.json
+          bin/cdxgen.js -p -r -t python repotests/black -o bomresults/bom-black.json
+          python contrib/bom-validate.py --json bomresults/bom-black.json
+          bin/cdxgen.js -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json
+          python contrib/bom-validate.py --json bomresults/bom-pyperf.json
+          bin/cdxgen.js -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json
+          python contrib/bom-validate.py --json bomresults/bom-cachecontrol.json
+          bin/cdxgen.js -p -r -t python repotests/flask -o bomresults/bom-flask.json
+          python contrib/bom-validate.py --json bomresults/bom-flask.json
+          bin/cdxgen.js -p -r -t python repotests/click -o bomresults/bom-click.json
+          python contrib/bom-validate.py --json bomresults/bom-click.json
+          bin/cdxgen.js -p -r -t python repotests/jinja -o bomresults/bom-jinja.json
+          python contrib/bom-validate.py --json bomresults/bom-jinja.json
 
-          bin/cdxgen --no-install-deps -p -r -t python repotests/scipy -o bomresults/bom-scipy.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scipy.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-scipy.xml --input-format xml --input-version v1_4
-          bin/cdxgen --no-install-deps -p -r -t python repotests/black -o bomresults/bom-black.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-black.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-black.xml --input-format xml --input-version v1_4
-          bin/cdxgen --no-install-deps -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-pyperf.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-pyperf.xml --input-format xml --input-version v1_4
-          bin/cdxgen --no-install-deps -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-cachecontrol.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-cachecontrol.xml --input-format xml --input-version v1_4
-          bin/cdxgen --no-install-deps -p -r -t python repotests/flask -o bomresults/bom-flask.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-flask.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-flask.xml --input-format xml --input-version v1_4
-          bin/cdxgen --no-install-deps -p -r -t python repotests/click -o bomresults/bom-click.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-click.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-click.xml --input-format xml --input-version v1_4
-          bin/cdxgen --no-install-deps -p -r -t python repotests/jinja -o bomresults/bom-jinja.json
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-jinja.json --input-format json --input-version v1_4
-          ./cyclonedx validate --fail-on-errors --input-file bomresults/bom-jinja.xml --input-format xml --input-version v1_4
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/scipy -o bomresults/bom-scipy.json
+          python contrib/bom-validate.py --json bomresults/bom-scipy.json
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/black -o bomresults/bom-black.json
+          python contrib/bom-validate.py --json bomresults/bom-black.json
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/pyperf -o bomresults/bom-pyperf.json
+          python contrib/bom-validate.py --json bomresults/bom-pyperf.json
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/cachecontrol -o bomresults/bom-cachecontrol.json
+          python contrib/bom-validate.py --json bomresults/bom-cachecontrol.json
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/flask -o bomresults/bom-flask.json
+          python contrib/bom-validate.py --json bomresults/bom-flask.json
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/click -o bomresults/bom-click.json
+          python contrib/bom-validate.py --json bomresults/bom-click.json
+          bin/cdxgen.js --no-install-deps -p -r -t python repotests/jinja -o bomresults/bom-jinja.json
+          python contrib/bom-validate.py --json bomresults/bom-jinja.json
         env:
           CDXGEN_DEBUG_MODE: debug