Merge pull request #283 from CycloneDX/tool-goal

hboutemy · web-flow · commit d383c50b9623 · 2023-02-15T17:38:21.000-05:00
add effective goal into BOM tool name
diff --git a/src/it/makeAggregateBom/verify.groovy b/src/it/makeAggregateBom/verify.groovy
@@ -1,17 +1,21 @@
-void assertBomFiles(String path) {
+void assertBomFiles(String path, boolean aggregate) {
     File bomFileXml = new File(basedir, path + ".xml")
     File bomFileJson = new File(basedir, path + ".json")
 
     assert bomFileXml.exists()
     assert bomFileJson.exists()
+
+    String analysis = aggregate ? "makeAggregateBom" : "makeBom"
+    assert bomFileXml.text.contains('<name>CycloneDX Maven plugin ' + analysis + '</name>')
+    assert bomFileJson.text.contains('"name" : "CycloneDX Maven plugin ' + analysis + '"')
 }
 
-assertBomFiles("target/bom") // aggregate
-assertBomFiles("api/target/bom")
-assertBomFiles("util/target/bom")
-assertBomFiles("impls/target/bom")
-assertBomFiles("impls/impl-A/target/bom")
-assertBomFiles("impls/impl-B/target/bom")
+assertBomFiles("target/bom", true) // aggregate
+assertBomFiles("api/target/bom", false)
+assertBomFiles("util/target/bom", false)
+assertBomFiles("impls/target/bom", false)
+assertBomFiles("impls/impl-A/target/bom", false)
+assertBomFiles("impls/impl-B/target/bom", false)
 
 var buildLog = new File(basedir, "build.log").text
 
diff --git a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -246,7 +246,15 @@ protected Component convert(Artifact artifact) {
         return modelConverter.convert(artifact, schemaVersion(), includeLicenseText);
     }
 
-    protected abstract boolean analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException;
+    /**
+     * Analyze the project dependencies to fill the BOM components list and their dependencies.
+     *
+     * @param components the components set to fill
+     * @param dependencies the dependencies set to fill
+     * @return the name of the analysis done to store as a BOM, or {@code null} to not save result.
+     * @throws MojoExecutionException something weird happened...
+     */
+    protected abstract String analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException;
 
     public void execute() throws MojoExecutionException {
         final boolean shouldSkip = Boolean.parseBoolean(System.getProperty("cyclonedx.skip", Boolean.toString(skip)));
@@ -259,20 +267,21 @@ public void execute() throws MojoExecutionException {
         final Set<Component> components = new LinkedHashSet<>();
         final Set<Dependency> dependencies = new LinkedHashSet<>();
 
-        if (analyze(components, dependencies)) {
-            generateBom(components, dependencies);
+        String analysis = analyze(components, dependencies);
+        if (analysis != null) {
+            generateBom(analysis, components, dependencies);
         }
     }
 
-    private void generateBom(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
+    private void generateBom(String analysis, Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
         try {
             getLog().info(MESSAGE_CREATING_BOM);
             final Bom bom = new Bom();
             if (schemaVersion().getVersion() >= 1.1 && includeBomSerialNumber) {
                 bom.setSerialNumber("urn:uuid:" + UUID.randomUUID());
             }
             if (schemaVersion().getVersion() >= 1.2) {
-                final Metadata metadata = modelConverter.convert(project, projectType, schemaVersion(), includeLicenseText);
+                final Metadata metadata = modelConverter.convert(project, analysis, projectType, schemaVersion(), includeLicenseText);
                 bom.setMetadata(metadata);
             }
             bom.setComponents(new ArrayList<>(components));
diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxAggregateMojo.java
@@ -26,6 +26,7 @@
 import org.apache.maven.plugins.annotations.ResolutionScope;
 import org.apache.maven.project.MavenProject;
 import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis;
+import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzerException;
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.Dependency;
 
@@ -105,14 +106,14 @@ protected void logAdditionalParameters() {
         getLog().info("outputReactorProjects  : " + outputReactorProjects);
     }
 
-    protected boolean analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
+    protected String analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
         if (! getProject().isExecutionRoot()) {
             // non-root project: let parent class create a module-only BOM?
             if (outputReactorProjects) {
                 return super.analyze(components, dependencies);
             }
             getLog().info("Skipping CycloneDX on non-execution root");
-            return false;
+            return null;
         }
 
         // root project: analyze and aggregate all the modules
@@ -131,8 +132,8 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
             try {
                 ProjectDependencyAnalysis dependencyAnalysis = dependencyAnalyzer.analyze(mavenProject);
                 dependencyAnalysisMap.put(mavenProject.getArtifactId(), dependencyAnalysis);
-            } catch (Exception e) {
-                getLog().debug(e);
+            } catch (ProjectDependencyAnalyzerException pdae) {
+                getLog().debug("Could not analyze " + mavenProject.getId(), pdae); // TODO should warn...
             }
         }
 
@@ -192,7 +193,7 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
             }
         }
         addMavenProjectsAsDependencies(reactorProjects, dependencies);
-        return true;
+        return "makeAggregateBom";
     }
 
     private void addMavenProjectsAsDependencies(List<MavenProject> reactorProjects, Set<Dependency> dependencies) {
diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java
@@ -27,6 +27,7 @@
 import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis;
 import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzer;
 import org.codehaus.plexus.PlexusContainer;
+import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.Dependency;
 import java.util.LinkedHashSet;
@@ -69,18 +70,14 @@ public class CycloneDxMojo extends BaseCycloneDxMojo {
      * @throws MojoExecutionException in case of an error.
      */
     protected ProjectDependencyAnalyzer createProjectDependencyAnalyzer() throws MojoExecutionException {
-        final String role = ProjectDependencyAnalyzer.class.getName();
-        final String roleHint = analyzer;
         try {
-            return (ProjectDependencyAnalyzer) plexusContainer.lookup(role, roleHint);
-        }
-        catch (Exception exception) {
-            throw new MojoExecutionException("Failed to instantiate ProjectDependencyAnalyser with role " + role
-                    + " / role-hint " + roleHint, exception);
+            return (ProjectDependencyAnalyzer) plexusContainer.lookup(ProjectDependencyAnalyzer.class, analyzer);
+        } catch (ComponentLookupException cle) {
+            throw new MojoExecutionException("Failed to instantiate ProjectDependencyAnalyser with role-hint " + analyzer, cle);
         }
     }
 
-    protected boolean analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
+    protected String analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {
         final Set<String> componentRefs = new LinkedHashSet<>();
         // Use default dependency analyzer
         dependencyAnalyzer = createProjectDependencyAnalyzer();
@@ -111,7 +108,7 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>
         if (schemaVersion().getVersion() >= 1.2) {
             dependencies.addAll(buildDependencyGraph(null));
         }
-        return true;
+        return "makeBom";
     }
 
     /**
diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java
@@ -56,7 +56,7 @@ protected boolean shouldInclude(MavenProject mavenProject) {
         return Arrays.asList(new String[]{"war", "ear"}).contains(mavenProject.getPackaging());
     }
 
-    protected boolean analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
+    protected String analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {
         final Set<String> componentRefs = new LinkedHashSet<>();
         getLog().info(MESSAGE_RESOLVING_DEPS);
 
@@ -77,6 +77,6 @@ protected boolean analyze(Set<Component> components, Set<Dependency> dependencie
                 dependencies.addAll(buildDependencyGraph(mavenProject));
             }
         }
-        return true;
+        return "makePackageBom";
     }
 }
diff --git a/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java b/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java
@@ -315,11 +315,11 @@ else if (licenseChoiceToResolve.getExpression() != null && CycloneDxSchema.Versi
         return false;
     }
 
-    public Metadata convert(final MavenProject project, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText) {
+    public Metadata convert(final MavenProject project, String analysis, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText) {
         final Tool tool = new Tool();
         final Properties properties = readPluginProperties();
         tool.setVendor(properties.getProperty("vendor"));
-        tool.setName(properties.getProperty("name"));
+        tool.setName(properties.getProperty("name") + ' ' + analysis);
         tool.setVersion(properties.getProperty("version"));
         // Attempt to add hash values from the current mojo
         final Artifact self = new DefaultArtifact(properties.getProperty("groupId"), properties.getProperty("artifactId"),
diff --git a/src/main/java/org/cyclonedx/maven/ModelConverter.java b/src/main/java/org/cyclonedx/maven/ModelConverter.java
@@ -48,10 +48,11 @@ public interface ModelConverter {
      * Converts a MavenProject into a Metadata object.
      *
      * @param project the MavenProject to convert
+     * @param analysis type of analysis
      * @param projectType the target CycloneDX component type
      * @param schemaVersion the target CycloneDX schema version
      * @param includeLicenseText should license text be included in bom?
      * @return a CycloneDX Metadata object
      */
-    Metadata convert(MavenProject project, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText);
+    Metadata convert(MavenProject project, String analysis, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText);
 }

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`import org.apache.maven.plugins.annotations.ResolutionScope;`
`27`	`27`	`import org.apache.maven.project.MavenProject;`
`28`	`28`	`import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis;`
	`29`	`+import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalyzerException;`
`29`	`30`	`import org.cyclonedx.model.Component;`
`30`	`31`	`import org.cyclonedx.model.Dependency;`
`31`	`32`
`@@ -105,14 +106,14 @@ protected void logAdditionalParameters() {`
`105`	`106`	`getLog().info("outputReactorProjects : " + outputReactorProjects);`
`106`	`107`	`}`
`107`	`108`
`108`		`- protected boolean analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {`
	`109`	`+ protected String analyze(final Set<Component> components, final Set<Dependency> dependencies) throws MojoExecutionException {`
`109`	`110`	`if (! getProject().isExecutionRoot()) {`
`110`	`111`	`// non-root project: let parent class create a module-only BOM?`
`111`	`112`	`if (outputReactorProjects) {`
`112`	`113`	`return super.analyze(components, dependencies);`
`113`	`114`	`}`
`114`	`115`	`getLog().info("Skipping CycloneDX on non-execution root");`
`115`		`- return false;`
	`116`	`+ return null;`
`116`	`117`	`}`
`117`	`118`
`118`	`119`	`// root project: analyze and aggregate all the modules`
`@@ -131,8 +132,8 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>`
`131`	`132`	`try {`
`132`	`133`	`ProjectDependencyAnalysis dependencyAnalysis = dependencyAnalyzer.analyze(mavenProject);`
`133`	`134`	`dependencyAnalysisMap.put(mavenProject.getArtifactId(), dependencyAnalysis);`
`134`		`- } catch (Exception e) {`
`135`		`- getLog().debug(e);`
	`135`	`+ } catch (ProjectDependencyAnalyzerException pdae) {`
	`136`	`+ getLog().debug("Could not analyze " + mavenProject.getId(), pdae); // TODO should warn...`
`136`	`137`	`}`
`137`	`138`	`}`
`138`	`139`
`@@ -192,7 +193,7 @@ protected boolean analyze(final Set<Component> components, final Set<Dependency>`
`192`	`193`	`}`
`193`	`194`	`}`
`194`	`195`	`addMavenProjectsAsDependencies(reactorProjects, dependencies);`
`195`		`- return true;`
	`196`	`+ return "makeAggregateBom";`
`196`	`197`	`}`
`197`	`198`
`198`	`199`	`private void addMavenProjectsAsDependencies(List<MavenProject> reactorProjects, Set<Dependency> dependencies) {`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ protected boolean shouldInclude(MavenProject mavenProject) {`
`56`	`56`	`return Arrays.asList(new String[]{"war", "ear"}).contains(mavenProject.getPackaging());`
`57`	`57`	`}`
`58`	`58`
`59`		`- protected boolean analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {`
	`59`	`+ protected String analyze(Set<Component> components, Set<Dependency> dependencies) throws MojoExecutionException {`
`60`	`60`	`final Set<String> componentRefs = new LinkedHashSet<>();`
`61`	`61`	`getLog().info(MESSAGE_RESOLVING_DEPS);`
`62`	`62`
`@@ -77,6 +77,6 @@ protected boolean analyze(Set<Component> components, Set<Dependency> dependencie`
`77`	`77`	`dependencies.addAll(buildDependencyGraph(mavenProject));`
`78`	`78`	`}`
`79`	`79`	`}`
`80`		`- return true;`
	`80`	`+ return "makePackageBom";`
`81`	`81`	`}`
`82`	`82`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,10 +48,11 @@ public interface ModelConverter {`
`48`	`48`	`* Converts a MavenProject into a Metadata object.`
`49`	`49`	`*`
`50`	`50`	`* @param project the MavenProject to convert`
	`51`	`+ * @param analysis type of analysis`
`51`	`52`	`* @param projectType the target CycloneDX component type`
`52`	`53`	`* @param schemaVersion the target CycloneDX schema version`
`53`	`54`	`* @param includeLicenseText should license text be included in bom?`
`54`	`55`	`* @return a CycloneDX Metadata object`
`55`	`56`	`*/`
`56`		`- Metadata convert(MavenProject project, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText);`
	`57`	`+ Metadata convert(MavenProject project, String analysis, String projectType, CycloneDxSchema.Version schemaVersion, boolean includeLicenseText);`
`57`	`58`	`}`