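# PEP 517 build configuration: the backend that front-ends (pip, build) invoke
# to produce the sdist and wheel.
# NOTE(review): `poetry-core>=1.0.0` has no upper bound, so building from sdist
# accepts any future poetry-core release as the build backend. Consider capping
# the major version so the code that runs at build time stays predictable.
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

[tool.poetry]
name = "cyclonedx-python-lib"
# !! version is managed by semantic_release
version = "11.7.0"
description = "Python library for CycloneDX"
# NOTE(review): the author/maintainer entries end in a space and carry no
# "<email>" part; confirm nothing was lost when this file was copied.
authors = [
    "Paul Horton ",
    "Jan Kowalleck ",
]
maintainers = [
    "Jan Kowalleck ",
]
license = "Apache-2.0"
readme = "README.md"
homepage = "https://github.com/CycloneDX/cyclonedx-python-lib/#readme"
repository = "https://github.com/CycloneDX/cyclonedx-python-lib"
documentation = "https://cyclonedx-python-library.readthedocs.io/"
packages = [
    { include = "cyclonedx" },
]
# Extra paths shipped in the sdist only (not in the wheel).
include = [
    # all is an object -> prevent parse issue with dependabot
    { path = "README.md", format = ["sdist"] },
    { path = "CHANGELOG.md", format = ["sdist"] },
    { path = "docs", format = ["sdist"] },
    { path = "examples", format = ["sdist"] },
    { path = "tests", format = ["sdist"] },
]
exclude = [
    # exclude dotfiles and dotfolders
    "**/.*",
    "docs/_build",
    "docs/processes",
]
classifiers = [
    # Trove classifiers - https://packaging.python.org/specifications/core-metadata/#metadata-classifier
    # Full list: https://pypi.python.org/pypi?%3Aaction=list_classifiers
    'Development Status :: 5 - Production/Stable',
    'Intended Audience :: Developers',
    'Intended Audience :: Information Technology',
    'Intended Audience :: Legal Industry',
    'Intended Audience :: System Administrators',
    'Topic :: Security',
    'Topic :: Software Development',
    'Topic :: System :: Software Distribution',
    'License :: OSI Approved :: Apache Software License',
    'Programming Language :: Python :: 3.9',
    'Programming Language :: Python :: 3.10',
    'Programming Language :: Python :: 3.11',
    'Programming Language :: Python :: 3.12',
    'Programming Language :: Python :: 3.13',
    'Programming Language :: Python :: 3.14',
    'Typing :: Typed',
]
keywords = [
    "CycloneDX",
    "library",
    "OWASP",
    "SCA",
    "Software Bill of Materials",
    "Bill of Materials",
    "BOM",
    "SBOM",
    "VEX",
    "VDR",
    "OBOM",
    "MBOM",
    "SaaSBOM",
    "SPDX",
    "PackageURL",
    "PURL",
]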
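[tool.poetry.urls]
"Changelog" = "https://github.com/CycloneDX/cyclonedx-python-lib/releases"
"Bug Tracker" = "https://github.com/CycloneDX/cyclonedx-python-lib/issues"
"Funding" = "https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX"

# Runtime dependencies. Entries marked `optional = true` are installed only
# through the extras declared in [tool.poetry.extras].
[tool.poetry.dependencies]
python = "^3.9"
packageurl-python = ">=0.11, <2"
py-serializable = "^2.1.0"
sortedcontainers = "^2.4.0"
license-expression = "^30"
jsonschema = { version = "^4.25", extras = ['format-nongpl'], optional = true }
# in sync with the transitive dependency of `jsonschema`
referencing = { version = ">=0.28.4", optional = true }
lxml = { version = ">=4,<7", optional = true }
# for `@deprecated` - which was added in v4.5 but this version appears to be broken...
typing_extensions = { version = "^4.6", python = "<3.13" }

[tool.poetry.extras]
validation = ["jsonschema", "referencing", "lxml"]
json-validation = ["jsonschema", "referencing"]
xml-validation = ["lxml"]

# Development and CI tooling, pinned to exact versions.
[tool.poetry.group.dev.dependencies]
ddt = "1.7.2"
coverage = "7.10.7"
flake8 = "7.3.0"
flake8-annotations = "3.1.1"
flake8-bugbear = "24.12.12"
flake8-copyright-validator = "0.0.1"
flake8-isort = "6.1.2"
flake8-quotes = "3.4.0"
flake8-use-fstring = "1.4"
pep8-naming = "0.15.1"
isort = "6.1.0"
autopep8 = "2.3.2"
mypy = "1.19.1"
tomli = { version = "2.4.1", python = "<3.11" }
tox = "4.30.3"
xmldiff = "2.7.0"
bandit = "1.8.6"
pyupgrade = [
    { version = "3.21.0", python = "<3.10" },
    { version = "3.21.2", python = ">=3.10" },
]
deptry = "0.23.1"
# for tests, use the GPL-version of jsonschema format validators - they are faster
# NOTE(review): `version = "*"` adds no constraint of its own; presumably the
# resolved version is still bounded by the `^4.25` entry under
# [tool.poetry.dependencies] - confirm. This is the only unpinned dev entry.
jsonschema = { version = "*", extras = ["format"], optional = true }

[tool.semantic_release]
# see https://python-semantic-release.readthedocs.io/en/latest/configuration.html
logging_use_named_masks = true
commit_parser = "conventional"
commit_parser_options = { parse_squash_commits = true, ignore_merge_commits = true }
commit_message = "chore(release): {version}\n\nAutomatically generated by python-semantic-release"
upload_to_vcs_release = true
# Builds the artifacts that the release publishes; one command per line.
# NOTE(review): `pip install poetry` takes whatever Poetry version the index
# serves at release time, so the tool that builds the published artifacts is
# not pinned. Consider installing a pinned (ideally hash-checked) version here.
build_command = """
  pip install poetry
  poetry build
"""
# Places where the release tool rewrites the version number.
version_toml = ["pyproject.toml:tool.poetry.version"]
version_variables = [
    "cyclonedx/__init__.py:__version__",
    "docs/conf.py:release",
]

[tool.semantic_release.publish]
dist_glob_patterns = ["dist/*"]
upload_to_vcs_release = true

[tool.semantic_release.changelog]
default_templates = { changelog_file = "CHANGELOG.md" }
# Commit subjects matching any of these regexes are left out of the changelog.
# The last pattern drops `build(...)` commits except those scoped `build(deps)`.
exclude_commit_patterns = [
    '''chore(?:\([^)]*?\))?: .+''',
    '''ci(?:\([^)]*?\))?: .+''',
    '''refactor(?:\([^)]*?\))?: .+''',
    '''style(?:\([^)]*?\))?: .+''',
    '''tests?(?:\([^)]*?\))?: .+''',
    '''build\((?!deps\): .+)''',
]

# Release groups, selected by matching `match` against the branch name.
# NOTE(review): none of the `match` patterns is anchored with `^...$`. If the
# tool matches by prefix, a branch such as `main-something` would also land in
# the non-prerelease group - confirm, and anchor the patterns if unintended.
[tool.semantic_release.branches.main]
match = "(main|master)"
prerelease = false

[tool.semantic_release.branches."step"]
match = "(build|chore|ci|docs|feat|fix|perf|style|refactor|tests?)"
prerelease = true
prerelease_token = "alpha"

[tool.semantic_release.branches."major-dev"]
match = "(\\d+\\.0\\.0-(dev|rc)|dev/\\d+\\.0\\.0)"
prerelease = true
prerelease_token = "rc"

[tool.deptry]
extend_exclude = ["docs", "examples", "package_aliases", "tools"]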