[IDEA] make universal #6

Open
1 of 6 tasks
jkowalleck opened this issue Feb 6, 2023 · 2 comments
Labels
breaking change enhancement New feature or request

Comments

@jkowalleck
Member

jkowalleck commented Feb 6, 2023

current implementation utilizes https://github.com/CycloneDX/cyclonedx-node-module/
in version @<4
v3 is deprecated. v4 became a meta package, utilizing special implementations for npm, pnpm, yarn, ...

GOAL: rework this GH action:

  • input (intended to be as much backward compatible as possible, to not break users of @master version too much)
    • path to the project dir - default to ./
    • cyclonedx-version: {1.4, 1.3, ...} - default to latest
    • output: output file - default to ./bom.xml
    • package-manager: {npm, pnpm, yarn, yarn2}
  • it is expected that the env already has a node env setup and the package manager is installed.
  • auto-detection: based on lock file type
    • it could detect existence of {npm,pnpm,yarn}-lockfile
  • process:
    • if the tools are not yet available in the current target env, then
      the needed appropriate tools are installed with the according ecosystem (npx i/pnpm add, yarn add) in a temp dir
    • the appropriate application is run from that temp dir
    • if there is no appropriate application (yet) the GH action exits with an error, prints an info message.

internally


change process:

  • write the docs with: use @v1 - instead of @master
  • current master becomes available as git branch 1.x
  • next version is properly tagged as v2 and so on ...
  • ⚠️ since there might be uses that run directly on @master - the master branch must be working all the time - do development in a dedicated temp branch !
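
The input handling and lock-file auto-detection proposed in the comment above, sketched as an added example (not code from this action or from the CycloneDX projects). The function name, the return shape and the `.yarnrc.yml` heuristic for telling `yarn2` from `yarn` are assumptions; it fails closed when several package managers' lock files coexist, since the SBOM could otherwise describe a dependency tree other than the one actually installed.

```javascript
// Added example: resolve which package manager's SBOM tool should run.
// Lock-file names are the package managers' default file names.
const LOCKFILES = {
  'package-lock.json': 'npm',
  'npm-shrinkwrap.json': 'npm',
  'pnpm-lock.yaml': 'pnpm',
  'yarn.lock': 'yarn',
};
// Values of the proposed `package-manager` input.
const SUPPORTED = ['npm', 'pnpm', 'yarn', 'yarn2'];

// entries:   file names in the project dir, e.g. fs.readdirSync(projectDir)
// requested: the `package-manager` input, or '' to auto-detect
function resolvePackageManager(entries, requested = '') {
  if (requested) {
    // An explicit input always wins, but only if it is a known value.
    if (!SUPPORTED.includes(requested)) {
      return { ok: false, error: `unsupported package-manager: ${requested}` };
    }
    return { ok: true, packageManager: requested, source: 'input' };
  }
  const names = new Set(entries);
  const found = new Set();
  for (const [file, pm] of Object.entries(LOCKFILES)) {
    if (names.has(file)) found.add(pm);
  }
  if (found.size === 0) {
    return { ok: false, error: 'no lock file found; set package-manager explicitly' };
  }
  if (found.size > 1) {
    // Ambiguous project: refuse to guess which tree is authoritative.
    const list = [...found].sort().join(', ');
    return { ok: false, error: `lock files of several package managers (${list}); set package-manager explicitly` };
  }
  let [pm] = found;
  // Assumption: a .yarnrc.yml next to yarn.lock indicates Yarn 2 or later.
  if (pm === 'yarn' && names.has('.yarnrc.yml')) pm = 'yarn2';
  return { ok: true, packageManager: pm, source: 'lockfile' };
}
```
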
@jkowalleck
Member Author

https://github.com/CycloneDX/cyclonedx-node-npm is working,
but neither https://github.com/CycloneDX/cyclonedx-node-pnpm nor https://github.com/CycloneDX/cyclonedx-node-yarn is.

This feature development is postponed, until at least two NPM based implementations are working.

@jkowalleck jkowalleck pinned this issue May 7, 2023
@jkowalleck
Member Author

update: https://github.com/CycloneDX/cyclonedx-node-yarn is working as expected
