Skip to content

feat: collect evidences for license#1309

Merged
jkowalleck merged 28 commits intoCycloneDX:masterfrom
Frozen-byte:master
Oct 7, 2024
Merged

feat: collect evidences for license#1309
jkowalleck merged 28 commits intoCycloneDX:masterfrom
Frozen-byte:master

Conversation

@Frozen-byte
Copy link
Contributor

@Frozen-byte Frozen-byte commented Oct 2, 2024
edited by jkowalleck
Loading

fixes #676

@Frozen-byte
feat(EvidenceCollection): collect evidences for licence and copyright…
ac8c142 
… notices

Refs: CycloneDX#676
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte Frozen-byte requested a review from a team as a code owner October 2, 2024 22:55
@Frozen-byte
chore(EvidenceCollection): sync readme parameters adding `collectEvid…
5bf84dc 
…ence`

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
jkowalleck
jkowalleck requested changes Oct 3, 2024
View reviewed changes
@Frozen-byte
fix(EvidenceCollection): refactor collectEvidence into an option obje…
30d5de9 
…ct passed down as an argument

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(EvidenceCollection): revert breaking change of node18
9906cbf 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@jkowalleck jkowalleck added the enhancement New feature or request label Oct 3, 2024
@Frozen-byte
fix(EvidenceCollection): remove copyright collection feature
107d2b7 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(EvidenceCollection): remove spec check for evidence feature
f32c1c7 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
jkowalleck
jkowalleck requested changes Oct 3, 2024
View reviewed changes
@Frozen-byte
chore(EvidenceCollection): refactor to yielding
7dd053c 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(EvidenceCollection): use named licenses for evidence
6711ad2 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
chore(EvidenceCollection): uppercase the case-insensitive regex
4d33603 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
chore(EvidenceCollection): use single switch instead of option obj
abe3bc3 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte Frozen-byte mentioned this pull request Oct 4, 2024
Open
@Frozen-byte Frozen-byte requested a review from jkowalleck October 4, 2024 11:51
jkowalleck
jkowalleck requested changes Oct 4, 2024
View reviewed changes
@Frozen-byte
chore(EvidenceCollection): keep related code together
1336a1b 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
chore(EvidenceCollection): avoid explicit variable names that are jus…
1976436 
…t used once

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
jkowalleck
jkowalleck requested changes Oct 4, 2024
View reviewed changes
jkowalleck
jkowalleck reviewed Oct 4, 2024
View reviewed changes
@Frozen-byte
chore(EvidenceCollection): code-style
895b1c2 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(EvidenceCollection): rm unused argument
1e84884 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
chore(EvidenceCollection): refactor getComponentEvidence to extractor…
1293b13 
…s scope

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(EvidenceCollection): as missing slash when concatenating path and…
873006b 
… file

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
chore(Testing): enable collectEvidence option for tests and update sn…
9b7b253 
…apshot

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
jkowalleck
jkowalleck requested changes Oct 5, 2024
View reviewed changes
Copy link
Member

@jkowalleck jkowalleck left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for tests, do not enable the new feature in all tests beds.
instead, create a new test bed dedicated to the feature, and enable the feature there.

@jkowalleck jkowalleck changed the title feat(EvidenceCollection): collect evidences for licence and copyright notices feat: collect evidences for license Oct 5, 2024
@Frozen-byte
Copy link
Contributor Author

Frozen-byte commented Oct 7, 2024

for tests, do not enable the new feature in all tests beds. instead, create a new test bed dedicated to the feature, and enable the feature there.

I copied the folder from exampleWebpack5Angular17 to feature-issue676.
After that, I updated it to angular18 and enabled the evidence option and ran the tests with updating the snapshot.

This error worries me when I execute setup-test:
➤ YN0002: │ @cyclonedx-webpack-plugin-tests/regression-issue1284-yarn@workspace:. Doesn't provide @popperjs/core (pb1d91), requested by bootstrap.
I do not think it is caused by these changes and might be a local problem?
Haven't investigated further, but just FYI.

@Frozen-byte
Copy link
Contributor Author

Frozen-byte commented Oct 7, 2024
edited
Loading

In addition, my revert commit 3fdd595fe4e9469e8083bcbc888b0084488c455b was not signed off somehow.

Should I leave it? Or renaming this commit one and force pushing a new history? Or will this break things even further?

jkowalleck
jkowalleck requested changes Oct 7, 2024
View reviewed changes
@jkowalleck
Copy link
Member

jkowalleck commented Oct 7, 2024
edited
Loading

In addition, my revert commit 3fdd595fe4e9469e8083bcbc888b0084488c455b was not signed off somehow.

Should I leave it? Or renaming this commit one and force pushing a new history? Or will this break things even further?

We need every commit signed-off. Here are instructions how this can be done via rebase/force-push:
https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1309/checks?check_run_id=31165850595

Since you are the only person working on this branch, i don't see any risks. Go ahead :D

@Frozen-byte
Revert "chore(Testing): enable collectEvidence option for tests and u…
e2e44b0 
…pdate snapshot"

This reverts commit 9b7b253.

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(EvidenceCollection): remove copyright collection documentation si…
9e41244 
…nce feature got moved

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
feat(Tests): enable collectEvidence option for tests and update snapshot
d4fd58f 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
chore(docs): was created by v18
bf5b1d8 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(Tests): add dummy notice and licence file for the evidence collec…
b652ae0 
…tion test

Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(Tests): update snapshots with expected license files
f9dede8 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@jkowalleck
Copy link
Member

jkowalleck commented Oct 7, 2024

for tests, do not enable the new feature in all tests beds. instead, create a new test bed dedicated to the feature, and enable the feature there.

I copied the folder from exampleWebpack5Angular17 to feature-issue676. After that, I updated it to angular18 and enabled the evidence option and ran the tests with updating the snapshot.

This error worries me when I execute setup-test: ➤ YN0002: │ @cyclonedx-webpack-plugin-tests/regression-issue1284-yarn@workspace:. Doesn't provide @popperjs/core (pb1d91), requested by bootstrap. I do not think it is caused by these changes and might be a local problem? Haven't investigated further, but just FYI.

Either yarn takes care of the missing (peer)dependency, or we just dont care.
Anyway, this is probably no show stopper.

jkowalleck
jkowalleck reviewed Oct 7, 2024
View reviewed changes
@jkowalleck
tests: fix setup of new testbed
796a513 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
jkowalleck
jkowalleck requested changes Oct 7, 2024
View reviewed changes
Frozen-byte and others added 4 commits October 7, 2024 18:23
@Frozen-byte
fix(Tests): update snapshots with new timestamps
03b0346 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@Frozen-byte
fix(Tests): use reproducibleResults in tests to keep snapshot in sync
b0a5c89 
Signed-off-by: frozen_byte <frozen_byte@gmx.de>
@jkowalleck
Update HISTORY.md
1f987ac 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
Merge branch 'master' into master
7faf23e 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
@jkowalleck
Copy link
Member

jkowalleck commented Oct 7, 2024
edited
Loading

@Frozen-byte thank you for the contribution. 🚀

I will merge it, and might add some small polishing.

PS: polishing via #1312

@jkowalleck jkowalleck merged commit 77df409 into CycloneDX:master Oct 7, 2024
@jkowalleck jkowalleck mentioned this pull request Oct 7, 2024
Merged
jkowalleck added a commit that referenced this pull request Oct 8, 2024
@jkowalleck
fix: pollish evidence gathering (#1312)
8eb1cba 
followup of #1309

- fixed some false-positives for license evidences.
- refactored some functionality, so that it is much easier to add #1310
later

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
This was referenced Oct 8, 2024
Closed
Closed
@jkowalleck jkowalleck mentioned this pull request Dec 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkowalleck jkowalleck jkowalleck requested changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

FEAT: Option to add license text to BOM output

2 participants

@Frozen-byte @jkowalleck