

Add a configuration option to skip undeployed artifacts
This adds a `<skipNotDeployed>` plugin configuration option. If set to
`false`, modules whose deployment is skipped (i.e. that have no deploy
execution) are still used to generate the SBOM.

Closes #430

Signed-off-by: Piotr P. Karwasz <piotr.github@karwasz.org>
ppkarwasz authored and hboutemy committed Dec 13, 2023
1 parent 2e2afc6 commit e6b6af2
Showing 7 changed files with 127 additions and 11 deletions.
50 changes: 50 additions & 0 deletions src/it/makeAggregateBom/skipped/deploy-config-force/pom.xml
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is part of CycloneDX Maven Plugin.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
SPDX-License-Identifier: Apache-2.0
Copyright (c) OWASP Foundation. All Rights Reserved.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>org.cyclonedx.its</groupId>
<artifactId>skipped</artifactId>
<version>1.0-SNAPSHOT</version>
</parent>
<artifactId>deploy-config-force</artifactId>

<build>
<plugins>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<configuration>
<skipNotDeployed>false</skipNotDeployed>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<version>3.1.1</version>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>
35 changes: 35 additions & 0 deletions src/it/makeAggregateBom/skipped/deploy-property-force/pom.xml
@@ -0,0 +1,35 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is part of CycloneDX Maven Plugin.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
SPDX-License-Identifier: Apache-2.0
Copyright (c) OWASP Foundation. All Rights Reserved.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<modelVersion>4.0.0</modelVersion>

<parent>
<groupId>org.cyclonedx.its</groupId>
<artifactId>skipped</artifactId>
<version>1.0-SNAPSHOT</version>
</parent>
<artifactId>deploy-property-force</artifactId>

<properties>
<maven.deploy.skip>true</maven.deploy.skip>
<cyclonedx.skipNotDeployed>false</cyclonedx.skipNotDeployed>
</properties>
</project>
2 changes: 2 additions & 0 deletions src/it/makeAggregateBom/skipped/pom.xml
Expand Up @@ -31,7 +31,9 @@

<modules>
<module>deploy-property</module>
<module>deploy-property-force</module>
<module>deploy-config</module>
<module>deploy-config-force</module>
<module>nexus-property</module>
<module>nexus-config</module>
</modules>
18 changes: 11 additions & 7 deletions src/it/makeAggregateBom/verify.groovy
Expand Up @@ -30,6 +30,8 @@ assertBomFiles("impls/target/bom", false)
assertBomFiles("impls/impl-A/target/bom", false)
assertBomFiles("impls/impl-B/target/bom", false)
assertBomFiles("skipped/target/bom", false)
assertBomFiles("skipped/deploy-config-force/target/bom", false)
assertBomFiles("skipped/deploy-property-force/target/bom", false)

assertNoBomFiles("skipped/deploy-config/target/bom")
assertNoBomFiles("skipped/deploy-property/target/bom")
Expand All @@ -38,16 +40,16 @@ assertNoBomFiles("skipped/nexus-property/target/bom")

var buildLog = new File(basedir, "build.log").text

assert 13 == (buildLog =~ /\[INFO\] CycloneDX: Resolving Dependencies/).size()
assert 17 == (buildLog =~ /\[INFO\] CycloneDX: Resolving Dependencies/).size()
assert 2 == (buildLog =~ /\[INFO\] CycloneDX: Resolving Aggregated Dependencies/).size()

// 15 = 7 modules for main cyclonedx-makeAggregateBom execution
// 19 = 9 modules for main cyclonedx-makeAggregateBom execution
// + 1 for root module cyclonedx-makeAggregateBom-root-only execution
// + 7 modules for additional cyclonedx-makeBom execution
assert 15 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(XML\)/).size()
assert 15 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(JSON\)/).size()
// cyclonedx-makeAggregateBom-root-only execution skips 5 non-root modules
assert 6 == (buildLog =~ /\[INFO\] Skipping CycloneDX on non-execution root/).size()
// + 9 modules for additional cyclonedx-makeBom execution
assert 19 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(XML\)/).size()
assert 19 == (buildLog =~ /\[INFO\] CycloneDX: Writing and validating BOM \(JSON\)/).size()
// cyclonedx-makeAggregateBom-root-only execution skips 7 non-root modules
assert 8 == (buildLog =~ /\[INFO\] Skipping CycloneDX on non-execution root/).size()

// [WARNING] artifact org.cyclonedx.its:api:xml:cyclonedx:1.0-SNAPSHOT already attached, replace previous instance
assert 0 == (buildLog =~ /-SNAPSHOT already attached, replace previous instance/).size()
Expand All @@ -72,6 +74,8 @@ assertBomEqualsNonAggregate("util/target/bom")
assertBomEqualsNonAggregate("impls/target/bom")
assertBomEqualsNonAggregate("impls/impl-A/target/bom")
assertBomEqualsNonAggregate("impls/impl-B/target/bom")
assertBomEqualsNonAggregate("skipped/deploy-config-force/target/bom")
assertBomEqualsNonAggregate("skipped/deploy-property-force/target/bom")

// dependencies for root component in makeAggregateBom is the list of modules
String bom = new File(basedir, 'target/bom.xml').text
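Review bot: The comment `// cyclonedx-makeAggregateBom-root-only execution skips 7 non-root modules` does not match the assertion directly below it, which expects 8 matches; with 9 modules in the main execution (per the comment a few lines up) and one root, 8 non-root modules are skipped, so it should read `// cyclonedx-makeAggregateBom-root-only execution skips 8 non-root modules`. The same off-by-one existed before this change (comment said 5, assertion said 6), so the commit only carries it forward, but this is the moment to fix it. The new `assertBomFiles(...)` and `assertBomEqualsNonAggregate(...)` checks confirm that the two forced modules produce their own BOMs; whether the root aggregate BOM also lists them depends on the root-component dependency check, which begins at the end of this section and continues outside it.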
13 changes: 11 additions & 2 deletions src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
Expand Up @@ -278,9 +278,18 @@ protected boolean shouldSkip() {
return Boolean.parseBoolean(System.getProperty("cyclonedx.skip", Boolean.toString(skip)));
}

protected String getSkipReason() {
return null;
}

public void execute() throws MojoExecutionException {
if (shouldSkip()) {
getLog().info("Skipping CycloneDX");
final String skipReason = getSkipReason();
if (skipReason != null) {
getLog().info("Skipping CycloneDX goal, because " + skipReason);
} else {
getLog().info("Skipping CycloneDX goal");
}
return;
}
logParameters();
Expand Down Expand Up @@ -490,7 +499,7 @@ protected void populateComponents(final Set<String> topLevelComponents, final Ma
*
* @return Component.Scope - REQUIRED, OPTIONAL or null if it cannot be determined
*
* @see detectUnusedForOptionalScope
* @see #detectUnusedForOptionalScope
*/
private Component.Scope getComponentScope(Artifact artifact, ProjectDependencyAnalysis projectDependencyAnalysis) {
if (detectUnusedForOptionalScope) {
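Review bot: The new `getSkipReason()` hook has no Javadoc and its contract is only implied by `execute()`: it is consulted after `shouldSkip()` has returned `true`, and `null` means no reason is known. Document it as `/** Reason why this goal is skipped, consulted only after {@link #shouldSkip()} returned {@code true}. @return a human-readable reason, or {@code null} if none is known. */`. Because the base implementation returns `null`, the most common skip (`cyclonedx.skip`) still logs the bare `Skipping CycloneDX goal`; the base could return a reason such as `"the cyclonedx.skip parameter is set"` by evaluating the same `cyclonedx.skip` expression its own `shouldSkip()` uses, but it must evaluate that expression directly rather than call the virtual `shouldSkip()`, which subclasses override with additional conditions. `execute()` continues past the end of the hunk.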
Expand Up @@ -91,7 +91,7 @@ protected boolean shouldExclude(MavenProject mavenProject) {
if (excludeTestProject && mavenProject.getArtifactId().contains("test")) {
shouldExclude = true;
}
if (!BaseCycloneDxMojo.isDeployable(mavenProject)) {
if (skipNotDeployed && !BaseCycloneDxMojo.isDeployable(mavenProject)) {
shouldExclude = true;
}
return shouldExclude;
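Review bot: In the new condition `if (skipNotDeployed && !BaseCycloneDxMojo.isDeployable(mavenProject))`, `skipNotDeployed` is a field of the mojo executing this (presumably aggregate) goal, so it reflects the configuration of the aggregating module, not of the `mavenProject` being tested; a module like the new `deploy-property-force` fixture, which sets `cyclonedx.skipNotDeployed=false` only in its own POM, would still be excluded from a parent's aggregate BOM while the parent keeps the default `true`. If that is intended, the parameter's Javadoc should say that for aggregate goals the value configured on the aggregating module applies to every module it considers; if not, this check needs to consult the per-module setting rather than the field. The file name is not shown on this page and `shouldExclude` begins and ends outside the hunk, so this is inferred from the visible condition alone.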
18 changes: 17 additions & 1 deletion src/main/java/org/cyclonedx/maven/CycloneDxMojo.java
Expand Up @@ -47,6 +47,14 @@
)
public class CycloneDxMojo extends BaseCycloneDxMojo {

/**
* Only runs this goal if the module does not skip deploy.
*
* @since 2.8.0
*/
@Parameter(property = "cyclonedx.skipNotDeployed", defaultValue = "true", required = false)
protected boolean skipNotDeployed = true;

/**
* Specify the Maven project dependency analyzer to use (plexus component role-hint). By default,
* <a href="https://maven.apache.org/shared/maven-dependency-analyzer/">maven-dependency-analyzer</a>'s one
Expand Down Expand Up @@ -97,7 +105,15 @@ protected ProjectDependencyAnalysis doProjectDependencyAnalysis(final MavenProje
@Override
protected boolean shouldSkip() {
// The list of artifacts would be empty
return super.shouldSkip() || !isDeployable(getProject());
return super.shouldSkip() || skipNotDeployed && !isDeployable(getProject());
}

@Override
protected String getSkipReason() {
if (super.shouldSkip()) {
return super.getSkipReason();
}
return "module skips deploy";
}

protected String extractComponentsAndDependencies(final Set<String> topLevelComponents, final Map<String, Component> components, final Map<String, Dependency> dependencies) throws MojoExecutionException {
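Review bot: The Javadoc on the new `skipNotDeployed` parameter, `Only runs this goal if the module does not skip deploy.`, describes only the `true` case and says nothing about what `false` means for the SBOM; since a BOM is a supply-chain statement about what is shipped, the `false` case the commit adds produces a BOM for components that never reach a repository, and users should be told so. I would write: `Skip this goal for modules whose deployment is skipped (the default). Set to {@code false} to generate a BOM for such modules as well; the resulting BOM then describes components that are never deployed.` Which deploy-skip signals `isDeployable` honours is not visible here (the IT fixture names suggest `maven.deploy.skip`, the deploy plugin's `skip` configuration and the nexus-staging equivalents), so the Javadoc should enumerate them once confirmed. Minor style: `required = false` and the `= true` field initializer duplicate `defaultValue`, and `return super.shouldSkip() || (skipNotDeployed && !isDeployable(getProject()));` reads more clearly with the parentheses even though `&&` already binds tighter.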
