-
Notifications
You must be signed in to change notification settings - Fork 912
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
8 changed files
with
266 additions
and
0 deletions.
There are no files selected for viewing
42 changes: 42 additions & 0 deletions
42
...ain/java/io/spring/start/site/extension/dependency/sbom/SbomCycloneDxBuildCustomizer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package io.spring.start.site.extension.dependency.sbom; | ||
|
|
||
| import io.spring.initializr.generator.buildsystem.Build; | ||
| import io.spring.initializr.generator.spring.build.BuildCustomizer; | ||
|
|
||
| import org.springframework.core.Ordered; | ||
|
|
||
| /** | ||
| * {@link BuildCustomizer} that removes the CycloneDX SBOM dependency as SBOM support does | ||
| * not require any dependency. | ||
| * | ||
| * @author Moritz Halbritter | ||
| */ | ||
| class SbomCycloneDxBuildCustomizer implements BuildCustomizer<Build> { | ||
|
|
||
| @Override | ||
| public void customize(Build build) { | ||
| build.dependencies().remove("sbom-cyclone-dx"); | ||
| } | ||
|
|
||
| @Override | ||
| public int getOrder() { | ||
| return Ordered.LOWEST_PRECEDENCE - 10; | ||
| } | ||
|
|
||
| } |
36 changes: 36 additions & 0 deletions
36
...va/io/spring/start/site/extension/dependency/sbom/SbomCycloneDxGradleBuildCustomizer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package io.spring.start.site.extension.dependency.sbom; | ||
|
|
||
| import io.spring.initializr.generator.buildsystem.gradle.GradleBuild; | ||
| import io.spring.initializr.generator.spring.build.BuildCustomizer; | ||
|
|
||
| /** | ||
| * {@link BuildCustomizer} that adds the CycloneDX Gradle plugin. | ||
| * | ||
| * @author Moritz Halbritter | ||
| */ | ||
| class SbomCycloneDxGradleBuildCustomizer implements BuildCustomizer<GradleBuild> { | ||
|
|
||
| private static final String PLUGIN_VERSION = "1.8.2"; | ||
|
|
||
| @Override | ||
| public void customize(GradleBuild build) { | ||
| build.plugins().add("org.cyclonedx.bom", (plugin) -> plugin.setVersion(PLUGIN_VERSION)); | ||
| } | ||
|
|
||
| } |
34 changes: 34 additions & 0 deletions
34
...ava/io/spring/start/site/extension/dependency/sbom/SbomCycloneDxMavenBuildCustomizer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package io.spring.start.site.extension.dependency.sbom; | ||
|
|
||
| import io.spring.initializr.generator.buildsystem.maven.MavenBuild; | ||
| import io.spring.initializr.generator.spring.build.BuildCustomizer; | ||
|
|
||
| /** | ||
| * {@link BuildCustomizer} that adds the CycloneDX Maven plugin. | ||
| * | ||
| * @author Moritz Halbritter | ||
| */ | ||
| class SbomCycloneDxMavenBuildCustomizer implements BuildCustomizer<MavenBuild> { | ||
|
|
||
| @Override | ||
| public void customize(MavenBuild build) { | ||
| build.plugins().add("org.cyclonedx", "cyclonedx-maven-plugin"); | ||
| } | ||
|
|
||
| } |
53 changes: 53 additions & 0 deletions
53
...va/io/spring/start/site/extension/dependency/sbom/SbomProjectGenerationConfiguration.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package io.spring.start.site.extension.dependency.sbom; | ||
|
|
||
| import io.spring.initializr.generator.buildsystem.gradle.GradleBuildSystem; | ||
| import io.spring.initializr.generator.buildsystem.maven.MavenBuildSystem; | ||
| import io.spring.initializr.generator.condition.ConditionalOnBuildSystem; | ||
| import io.spring.initializr.generator.condition.ConditionalOnRequestedDependency; | ||
| import io.spring.initializr.generator.project.ProjectGenerationConfiguration; | ||
|
|
||
| import org.springframework.context.annotation.Bean; | ||
|
|
||
| /** | ||
| * {@link ProjectGenerationConfiguration} for generation of projects that use SBOMs. | ||
| * | ||
| * @author Moritz Halbritter | ||
| */ | ||
| @ProjectGenerationConfiguration | ||
| @ConditionalOnRequestedDependency("sbom-cyclone-dx") | ||
| class SbomProjectGenerationConfiguration { | ||
|
|
||
| @Bean | ||
| SbomCycloneDxBuildCustomizer sbomBuildCustomizer() { | ||
| return new SbomCycloneDxBuildCustomizer(); | ||
| } | ||
|
|
||
| @Bean | ||
| @ConditionalOnBuildSystem(MavenBuildSystem.ID) | ||
| SbomCycloneDxMavenBuildCustomizer sbomCycloneDxMavenBuildCustomizer() { | ||
| return new SbomCycloneDxMavenBuildCustomizer(); | ||
| } | ||
|
|
||
| @Bean | ||
| @ConditionalOnBuildSystem(GradleBuildSystem.ID) | ||
| SbomCycloneDxGradleBuildCustomizer sbomCycloneDxGradleBuildCustomizer() { | ||
| return new SbomCycloneDxGradleBuildCustomizer(); | ||
| } | ||
|
|
||
| } |
20 changes: 20 additions & 0 deletions
20
start-site/src/main/java/io/spring/start/site/extension/dependency/sbom/package-info.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| /** | ||
| * Extensions for generation of projects that use SBOMs. | ||
| */ | ||
| package io.spring.start.site.extension.dependency.sbom; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
70 changes: 70 additions & 0 deletions
70
.../spring/start/site/extension/dependency/sbom/SbomProjectGenerationConfigurationTests.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package io.spring.start.site.extension.dependency.sbom; | ||
|
|
||
| import io.spring.initializr.web.project.ProjectRequest; | ||
| import io.spring.start.site.extension.AbstractExtensionTests; | ||
| import org.junit.jupiter.api.Test; | ||
|
|
||
| import static org.assertj.core.api.Assertions.assertThat; | ||
|
|
||
| /** | ||
| * Tests for {@link SbomProjectGenerationConfiguration}. | ||
| * | ||
| * @author Moritz Halbritter | ||
| */ | ||
| class SbomProjectGenerationConfigurationTests extends AbstractExtensionTests { | ||
|
|
||
| @Test | ||
| void shouldNotAddGradlePluginIfSbomIsNotSelected() { | ||
| ProjectRequest request = createProjectRequest("web"); | ||
| assertThat(gradleBuild(request)).doesNotContain("org.cyclonedx.bom"); | ||
| } | ||
|
|
||
| @Test | ||
| void shouldNotAddMavenPluginIfSbomIsNotSelected() { | ||
| ProjectRequest request = createProjectRequest("web"); | ||
| assertThat(mavenPom(request)).doesNotContain("cyclonedx-maven-plugin"); | ||
| } | ||
|
|
||
| @Test | ||
| void shouldRemoveArtificalDependency() { | ||
| ProjectRequest request = createProjectRequest("sbom-cyclone-dx"); | ||
| assertThat(mavenPom(request)).doesNotHaveDependency("org.springframework.boot", "spring-boot"); | ||
| assertThat(gradleBuild(request)).doesNotContain("'org.springframework.boot:spring-boot'"); | ||
| } | ||
|
|
||
| @Test | ||
| void shouldAddMavenPlugin() { | ||
| ProjectRequest request = createProjectRequest("sbom-cyclone-dx"); | ||
| assertThat(mavenPom(request)).lines().containsSequence( | ||
| // @formatter:off | ||
| " <plugin>", | ||
| " <groupId>org.cyclonedx</groupId>", | ||
| " <artifactId>cyclonedx-maven-plugin</artifactId>", | ||
| " </plugin>" | ||
| // @formatter:on | ||
| ); | ||
| } | ||
|
|
||
| @Test | ||
| void shouldAddGradlePlugin() { | ||
| ProjectRequest request = createProjectRequest("sbom-cyclone-dx"); | ||
| assertThat(gradleBuild(request)).hasPlugin("org.cyclonedx.bom", "1.8.2"); | ||
| } | ||
|
|
||
| } |