fix: turn exhortignore strategy into sensitive

chore: prepare 0.0.2 release(#68)
docs: fix typo in documentation
ci: fix changelog of release and README.md update

---------

Signed-off-by: Zvi Grinberg <zgrinber@redhat.com>

.github/workflows/release.yml

@@ -27,6 +27,7 @@ jobs:
     if: github.repository_owner == 'RHEcosystemAppEng' && startsWith(github.head_ref, 'release/')
     outputs:
       project_version: ${{ steps.project.outputs.version }}
+      last_release_tag: ${{ steps.last-release.outputs.tag-name }}
     steps:
       - name: Checkout sources
         uses: actions/checkout@v3
@@ -42,6 +43,17 @@ jobs:
           java-version: 11
           cache: maven
 
+      - name: setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          cache: 'pip'
+      - name: get Python location
+        id: python-location
+        run: |
+          echo "python-bin-location=$(echo $pythonLocation)/bin" >> $GITHUB_OUTPUT
+
+
       - name: create ssh agent
         uses: webfactory/ssh-agent@v0.7.0
         with:
@@ -53,12 +65,19 @@ jobs:
           git config user.email "${{ github.actor }}@users.noreply.github.com"
 
 
+      - name: get previous released annotated tag
+        id: last-release
+        run: |
+          echo "tag-name=$(git describe | awk -F '-' '{print $1}')" >> "$GITHUB_OUTPUT"
+
       - name: Deploy release to GitHub
         run: |
           mvn -DskipTests -Darguments=-DskipTests release:prepare -B -ff
           mvn release:perform -B -ff
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          EXHORT_PYTHON3_PATH: "${{steps.python-location.outputs.python-bin-location}}/python3"
+          EXHORT_PIP3_PATH: "${{steps.python-location.outputs.python-bin-location}}/pip3"
 
       - name: Get pom version of released artifact
         id: project
@@ -75,6 +94,20 @@ jobs:
     environment: staging
     needs: deploy
     steps:
+
+      - name: Create release notes for ${{ needs.deploy.outputs.project_version }} release
+        uses: actions/github-script@v6
+        id: release-notes
+        with:
+          github-token: ${{ secrets.STAGING_PAT }}
+          script: |
+            const repo_name = context.payload.repository.full_name
+            const response = await github.request('POST /repos/' + repo_name + '/releases' + '/generate-notes', {
+              tag_name: '${{ needs.deploy.outputs.project_version }}',
+              previous_tag_name: '${{ needs.deploy.outputs.last_release_tag }}'
+            })
+            return response.body
+
       - name: Create new ${{ needs.deploy.outputs.project_version }} release
         uses: actions/github-script@v6
         with:
@@ -84,10 +117,10 @@ jobs:
             const response = await github.request('POST /repos/' + repo_name + '/releases', {
               tag_name: '${{ needs.deploy.outputs.project_version }}',
               name: '${{ needs.deploy.outputs.project_version }}',
+              body: '${{ steps.release-notes.outputs.result }}',
               draft: false,
-              prerelease: true,
-              generate_release_notes: true,
-              make_latest: 'false'
+              prerelease: false,
+              make_latest: 'true'
             })
 
       - name: Checkout sources
@@ -104,6 +137,7 @@ jobs:
       - name: Get pom version of new snapshot artifact
         id: project_snapshot
         run: |
+          git pull
           echo "version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" >> "$GITHUB_OUTPUT"
 
 
@@ -115,7 +149,6 @@ jobs:
 
       - name: Push modifications
         run: |
-          git pull
           git add README.md
           git commit -m "docs: updated usage section with version ${{ steps.project_snapshot.outputs.version }} [skip ci]"
           git push

README.md

@@ -397,7 +397,7 @@ following keys for setting custom paths for the said executables.
 
 ####  Python Support
 
-By default Python support assumes that the package is installed using the pip/pip3 binary on the system PATH, of in the customized
+By default, Python support assumes that the package is installed using the pip/pip3 binary on the system PATH, or of the customized
 Binaries passed to environment variables. If the package is not installed , then an error will be thrown.
 
 There is an experimental feature of installing the requirement.txt on a virtual env(only python3 or later is supported for this feature) - in this case,

src/main/java/com/redhat/exhort/providers/JavaMavenProvider.java

@@ -102,7 +102,7 @@ public Content provideStack(final Path manifestPath) throws IOException {
   }
 
   private Sbom buildSbomFromTextFormat(Path textFormatFile) throws IOException {
-    var sbom = SbomFactory.newInstance(Sbom.BelongingCondition.PURL,"insensitive");
+    var sbom = SbomFactory.newInstance(Sbom.BelongingCondition.PURL,"sensitive");
     List<String> lines = Files.readAllLines(textFormatFile);
     var root = lines.get(0);
     var rootPurl = parseDep(root);

src/test/resources/tst_manifests/maven/deps_no_trivial_with_ignore/expected_stack_sbom.json

@@ -3,6 +3,7 @@
   "specVersion" : "1.4",
   "version" : 1,
   "metadata" : {
+    "timestamp" : "2023-10-17T09:00:56Z",
     "component" : {
       "group" : "pom-no-trivial-with-deps-and-ignore",
       "name" : "demo",
@@ -317,6 +318,14 @@
       "type" : "library",
       "bom-ref" : "pkg:maven/io.quarkus/quarkus-core@2.13.5.Final"
     },
+    {
+      "group" : "io.quarkus",
+      "name" : "quarkus-arc",
+      "version" : "2.13.6.Final",
+      "purl" : "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final",
+      "type" : "library",
+      "bom-ref" : "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final"
+    },
     {
       "group" : "io.quarkus",
       "name" : "quarkus-resteasy-common",
@@ -1044,6 +1053,14 @@
       "purl" : "pkg:maven/io.vertx/vertx-uri-template@4.3.4",
       "type" : "library",
       "bom-ref" : "pkg:maven/io.vertx/vertx-uri-template@4.3.4"
+    },
+    {
+      "group" : "org.postgresql",
+      "name" : "postgresql",
+      "version" : "42.5.1",
+      "purl" : "pkg:maven/org.postgresql/postgresql@42.5.1",
+      "type" : "library",
+      "bom-ref" : "pkg:maven/org.postgresql/postgresql@42.5.1"
     }
   ],
   "dependencies" : [
@@ -1297,6 +1314,7 @@
       "ref" : "pkg:maven/io.quarkus/quarkus-resteasy-server-common@2.7.7.Final",
       "dependsOn" : [
         "pkg:maven/io.quarkus/quarkus-core@2.13.5.Final",
+        "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final",
         "pkg:maven/io.quarkus/quarkus-resteasy-common@2.7.7.Final",
         "pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2"
       ]
@@ -1322,11 +1340,20 @@
         "pkg:maven/io.quarkus/quarkus-fs-util@0.0.9"
       ]
     },
+    {
+      "ref" : "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final",
+      "dependsOn" : [
+        "pkg:maven/io.quarkus.arc/arc@2.13.5.Final",
+        "pkg:maven/io.quarkus/quarkus-core@2.13.5.Final",
+        "pkg:maven/org.eclipse.microprofile.context-propagation/microprofile-context-propagation-api@1.2"
+      ]
+    },
     {
       "ref" : "pkg:maven/io.quarkus/quarkus-resteasy-common@2.7.7.Final",
       "dependsOn" : [
         "pkg:maven/io.quarkus/quarkus-core@2.13.5.Final",
         "pkg:maven/org.jboss.resteasy/resteasy-core@4.7.5.Final",
+        "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final",
         "pkg:maven/com.sun.activation/jakarta.activation@1.2.1"
       ]
     },
@@ -1608,7 +1635,8 @@
       "dependsOn" : [
         "pkg:maven/io.smallrye/smallrye-context-propagation@1.2.2",
         "pkg:maven/jakarta.enterprise/jakarta.enterprise.cdi-api@2.0.2",
-        "pkg:maven/io.quarkus/quarkus-core@2.13.5.Final"
+        "pkg:maven/io.quarkus/quarkus-core@2.13.5.Final",
+        "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final"
       ]
     },
     {
@@ -1799,6 +1827,7 @@
     {
       "ref" : "pkg:maven/io.quarkus/quarkus-vertx@2.13.5.Final",
       "dependsOn" : [
+        "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final",
         "pkg:maven/io.quarkus/quarkus-netty@2.13.5.Final",
         "pkg:maven/io.netty/netty-codec-haproxy@4.1.82.Final",
         "pkg:maven/io.smallrye.common/smallrye-common-annotation@1.13.1",
@@ -1815,6 +1844,7 @@
         "pkg:maven/io.netty/netty-codec@4.1.82.Final",
         "pkg:maven/io.netty/netty-codec-http@4.1.78.Final",
         "pkg:maven/io.netty/netty-codec-http2@4.1.78.Final",
+        "pkg:maven/io.quarkus/quarkus-arc@2.13.6.Final",
         "pkg:maven/io.netty/netty-handler@4.1.78.Final",
         "pkg:maven/jakarta.enterprise/jakarta.enterprise.cdi-api@2.0.2",
         "pkg:maven/com.aayushatharva.brotli4j/brotli4j@1.7.1"
@@ -1940,6 +1970,10 @@
       "dependsOn" : [
         "pkg:maven/io.vertx/vertx-core@4.3.3"
       ]
+    },
+    {
+      "ref" : "pkg:maven/org.postgresql/postgresql@42.5.1",
+      "dependsOn" : [ ]
     }
   ]
 }