From d0015429ef13f79503bb6d17e3b66f59a1b408a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Boutemy?= Date: Tue, 19 Mar 2024 18:00:30 +0100 Subject: [PATCH] distribution-intake external reference is more accurate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit this fixes #245 Signed-off-by: Hervé Boutemy --- .../java/org/cyclonedx/maven/DefaultModelConverter.java | 4 +++- .../java/org/cyclonedx/maven/ExternalReferenceTest.java | 9 +++++---- src/test/resources/external-reference/child/pom.xml | 1 + 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java index ad2d36f2..2d28c5fb 100644 --- a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java +++ b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java @@ -232,7 +232,9 @@ private void extractComponentMetadata(MavenProject project, Component component, if (project.getDistributionManagement() != null) { addExternalReference(ExternalReference.Type.DISTRIBUTION, project.getDistributionManagement().getDownloadUrl(), component); if (project.getDistributionManagement().getRepository() != null) { - addExternalReference(ExternalReference.Type.DISTRIBUTION, project.getDistributionManagement().getRepository().getUrl(), component); + ExternalReference.Type type = + (schemaVersion.getVersion() < 1.5) ? ExternalReference.Type.DISTRIBUTION : ExternalReference.Type.DISTRIBUTION_INTAKE; + addExternalReference(type, project.getDistributionManagement().getRepository().getUrl(), component); } } if (project.getIssueManagement() != null) { diff --git a/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java b/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java index 3bc88e39..f7229476 100644 --- a/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java +++ b/src/test/java/org/cyclonedx/maven/ExternalReferenceTest.java @@ -51,7 +51,7 @@ private static void verifyParentExternalReferences(File projDir) { assertExternalReferences(bomJsonFile, "chat", "url", singleton("https://acme.com/parent")); assertExternalReferences(bomJsonFile, "website", "url", singleton("https://cyclonedx.org/acme")); assertExternalReferences(bomJsonFile, "vcs", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin.git")); - verifyCommonExternalReferences(bomJsonFile); + verifyCommonExternalReferences(bomJsonFile, false); } private static void verifyChildExternalReferences(File projDir) { @@ -59,14 +59,15 @@ private static void verifyChildExternalReferences(File projDir) { assertExternalReferences(bomJsonFile, "chat", "url", asList("https://acme.com/parent", "https://acme.com/child")); assertExternalReferences(bomJsonFile, "website", "url", singleton("https://cyclonedx.org/acme/child")); assertExternalReferences(bomJsonFile, "vcs", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin.git/child")); - verifyCommonExternalReferences(bomJsonFile); + verifyCommonExternalReferences(bomJsonFile, true); } - private static void verifyCommonExternalReferences(File bomJsonFile) { + private static void verifyCommonExternalReferences(File bomJsonFile, boolean child) { assertExternalReferences(bomJsonFile, "chat", "comment", singleton("optional comment")); assertExternalReferences(bomJsonFile, "release-notes", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin/releases")); assertExternalReferences(bomJsonFile, "build-system", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin/actions")); - assertExternalReferences(bomJsonFile, "distribution", "url", singleton("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")); + // CycloneDX 1.4 supports distribution only, 1.5 replaces with distribution-intake + assertExternalReferences(bomJsonFile, child ? "distribution" : "distribution-intake", "url", singleton("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")); assertExternalReferences(bomJsonFile, "issue-tracker", "url", singleton("https://github.com/CycloneDX/cyclonedx-maven-plugin/issues")); assertExternalReferences(bomJsonFile, "mailing-list", "url", singleton("https://dev.ml.cyclonedx.org/archive")); } diff --git a/src/test/resources/external-reference/child/pom.xml b/src/test/resources/external-reference/child/pom.xml index 1455508e..1f0c7b25 100644 --- a/src/test/resources/external-reference/child/pom.xml +++ b/src/test/resources/external-reference/child/pom.xml @@ -28,6 +28,7 @@ cyclonedx-maven-plugin ${cyclonedx-maven-plugin.version} + 1.4 CHAT