This is an automated email from the ASF dual-hosted git repository.

asf-gitbox-commits pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git


The following commit(s) were added to refs/heads/main by this push:
     new 544989c  fill metadata section of BOM
544989c is described below

commit 544989c5f5431c09c99bc3addddea7b1798d40e8
Author: Stefan Bodewig <[email protected]>
AuthorDate: Sun Apr 26 17:05:27 2026 +0200

    fill metadata section of BOM
---
 build.xml                                          |  6 +++
 common                                             |  2 +-
 ivy.xml                                            |  1 +
 .../org/apache/ant/cyclonedx/ComponentBomTask.java | 59 ++++++++++++++++++++++
 src/main/org/apache/ant/cyclonedx/ToolData.java    | 57 +++++++++++++++++++++
 .../main/org/apache/ant/cyclonedx/antlib.xml       | 11 ++--
 src/tests/antunit/componentbom-test.xml            | 40 +++++++++++++++
 src/tests/antunit/shared.xml                       | 42 +++++++++++++++
 version.properties                                 | 15 ++++++
 9 files changed, 225 insertions(+), 8 deletions(-)

diff --git a/build.xml b/build.xml
index 1a31215..e50f595 100644
--- a/build.xml
+++ b/build.xml
@@ -22,5 +22,11 @@ under the License.
   <!-- easy way to override properties -->
   <property file="build.properties"/>
 
+  <target name="ready-to-package" depends="common.ready-to-package">
+    <copy todir="${build.classes}/org/apache/ant/cyclonedx">
+      <file file="version.properties"/>
+    </copy>
+  </target>
+
   <import file="common/build.xml"/>
 </project>
diff --git a/common b/common
index b7962d5..2dce9ab 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit b7962d5efe06e17223c84633868ee03c33851cb7
+Subproject commit 2dce9ab4f1fa73d0cbd44c7784fe245f7505f779
diff --git a/ivy.xml b/ivy.xml
index 9e0130d..f16e286 100644
--- a/ivy.xml
+++ b/ivy.xml
@@ -56,5 +56,6 @@
   <dependencies>
     <dependency org="org.cyclonedx" name="cyclonedx-core-java" rev="12.1.0" 
conf="default"/>
     <dependency org="org.apache.ant" name="ant" rev="1.10.17" 
conf="provided->default"/>
+    <dependency org="org.apache.ant" name="ant-antunit" rev="1.4.1" 
conf="test->default"/>
   </dependencies>
 </ivy-module>
diff --git a/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java 
b/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
new file mode 100644
index 0000000..7b94fcd
--- /dev/null
+++ b/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
@@ -0,0 +1,59 @@
+package org.apache.ant.cyclonedx;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
+import java.util.Date;
+import java.util.UUID;
+
+import org.apache.tools.ant.BuildException;
+import org.apache.tools.ant.Task;
+
+import org.cyclonedx.Version;
+import org.cyclonedx.exception.GeneratorException;
+import org.cyclonedx.generators.BomGeneratorFactory;
+import org.cyclonedx.generators.json.BomJsonGenerator;
+import org.cyclonedx.model.Bom;
+import org.cyclonedx.model.LifecycleChoice;
+import org.cyclonedx.model.Lifecycles;
+import org.cyclonedx.model.Metadata;
+
+/**
+ * Task that creates CycloneDX BOM for a single component.
+ */
+public class ComponentBomTask extends Task {
+
+    private File bomFile;
+
+    public void setBomFile(File f) {
+        bomFile = f;
+    }
+
+    public void execute() {
+        Bom bom = new Bom();
+        bom.setSerialNumber("urn:uuid:" + UUID.randomUUID());
+
+        Metadata meta = new Metadata();
+        meta.setTimestamp(new Date());
+        meta.setToolChoice(ToolData.getToolInformation());
+
+        Lifecycles l = new Lifecycles();
+        LifecycleChoice lc = new LifecycleChoice();
+        lc.setPhase(LifecycleChoice.Phase.BUILD);
+        l.setLifecycleChoice(Collections.singletonList(lc));
+        meta.setLifecycles(l);
+
+        bom.setMetadata(meta);
+
+        BomJsonGenerator generator = 
BomGeneratorFactory.createJson(Version.VERSION_16, bom);
+        try (FileOutputStream fos = new FileOutputStream(bomFile);
+             OutputStreamWriter writer = new OutputStreamWriter(fos, 
StandardCharsets.UTF_8)) {
+            writer.write(generator.toJsonString(true));
+        } catch (IOException | GeneratorException ex) {
+            throw new BuildException("failed to write BOM", ex);
+        }
+    }
+}
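Review bot: `execute()` passes `bomFile` straight to `new FileOutputStream(bomFile)` without checking that the attribute was set, so a `<componentbom/>` without `bomfile` fails with a NullPointerException that `catch (IOException | GeneratorException ex)` does not convert into a BuildException. A guard at the top of `execute()` such as `if (bomFile == null) { throw new BuildException("bomFile attribute is required", getLocation()); }` gives the build author a usable error. The method also lacks `@Override`, and unlike the XML and properties files in this commit, the new Java file carries no ASF license header. Separately, `UUID.randomUUID()` and `new Date()` make every generated BOM differ, so if consumers hash or sign the BOM and expect reproducible output, consider letting the caller supply both values.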
diff --git a/src/main/org/apache/ant/cyclonedx/ToolData.java 
b/src/main/org/apache/ant/cyclonedx/ToolData.java
new file mode 100644
index 0000000..37b6794
--- /dev/null
+++ b/src/main/org/apache/ant/cyclonedx/ToolData.java
@@ -0,0 +1,57 @@
+package org.apache.ant.cyclonedx;
+
+import java.io.InputStream;
+import java.util.Collections;
+import java.util.Properties;
+
+import org.cyclonedx.model.Component;
+import org.cyclonedx.model.License;
+import org.cyclonedx.model.LicenseChoice;
+import org.cyclonedx.model.OrganizationalEntity;
+import org.cyclonedx.model.metadata.ToolInformation;
+
+/**
+ * Provides tool information for BOM's metadata section.
+ */
+public class ToolData {
+    /**
+     * Tool Information needed for BOM's metadata section.
+     */
+    public static ToolInformation getToolInformation() {
+        ToolInformation tool = new ToolInformation();
+        Component antlibComponent = new Component();
+
+        antlibComponent.setType(Component.Type.LIBRARY);
+        antlibComponent.setGroup("org.apache.ant");
+        antlibComponent.setName("ant-cyclonedx");
+        antlibComponent.setVersion(getVersion());
+        antlibComponent.setDescription("Apache CycloneDX Antlib");
+
+        OrganizationalEntity manufacturer = new OrganizationalEntity();
+        manufacturer.setName("Apache Ant Development Team");
+        
manufacturer.setUrls(Collections.singletonList("https://ant.apache.org/";));
+        antlibComponent.setManufacturer(manufacturer);
+
+        LicenseChoice lc = new LicenseChoice();
+        License license = new License();
+        license.setId("Apache-2.0");
+        lc.setLicenses(Collections.singletonList(license));
+        antlibComponent.setLicenses(lc);
+
+        tool.setComponents(Collections.singletonList(antlibComponent));
+        return tool;
+    }
+
+    private static String getVersion() {
+        String version = null;
+        try (InputStream in =
+             
ToolData.class.getResourceAsStream("/org/apache/ant/cyclonedx/version.properties"))
 {
+            Properties props = new Properties();
+            props.load(in);
+            version = props.getProperty("artifact.version");
+        } catch (Exception ex) {
+            // silently fall back to unknown version
+        }
+        return version == null ? "unknown" : version;
+    }
+}
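Review bot: `getVersion()` relies on `catch (Exception ex)` to cover a missing resource: when `getResourceAsStream` returns null, `props.load(in)` throws a NullPointerException and the BOM silently records the tool version as "unknown". The tool version is provenance data in the BOM metadata, so handle the two cases explicitly, e.g. `if (in == null) { return "unknown"; }` before `props.load(in)` and `catch (IOException ex)` instead of `Exception`, so that unrelated runtime errors are not hidden. The Javadoc on `getToolInformation()` could also state that the version is read from `/org/apache/ant/cyclonedx/version.properties` on the classpath and falls back to "unknown". The class has only static members, so a private constructor would make that intent explicit.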
diff --git a/build.xml b/src/main/org/apache/ant/cyclonedx/antlib.xml
similarity index 81%
copy from build.xml
copy to src/main/org/apache/ant/cyclonedx/antlib.xml
index 1a31215..b2d7e68 100644
--- a/build.xml
+++ b/src/main/org/apache/ant/cyclonedx/antlib.xml
@@ -17,10 +17,7 @@ KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
-<project default="compile" name="cyclonedx">
-
-  <!-- easy way to override properties -->
-  <property file="build.properties"/>
-
-  <import file="common/build.xml"/>
-</project>
+<antlib xmlns:au="ant:current">
+  <taskdef name="componentbom"
+    classname="org.apache.ant.cyclonedx.ComponentBomTask"/>
+</antlib>
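Review bot: The `xmlns:au="ant:current"` declaration on `<antlib>` is not used by the single `<taskdef>` below it, and `au` is the prefix the tests in this commit bind to `antlib:org.apache.ant.antunit`, so it reads like an AntUnit import. Dropping the attribute, leaving a plain `<antlib>`, or choosing a different prefix once one is needed would avoid the confusion.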
diff --git a/src/tests/antunit/componentbom-test.xml 
b/src/tests/antunit/componentbom-test.xml
new file mode 100644
index 0000000..8affe9d
--- /dev/null
+++ b/src/tests/antunit/componentbom-test.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      https://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project name="componentbom-test" default="antunit">
+
+  <import file="shared.xml" />
+
+  <target name="testToolMetadata">
+    <mkdir dir="${output}"/>
+    <cdx:componentbom bomfile="${output}/bom.json"
+                      xmlns:cdx="antlib:org.apache.ant.cyclonedx"/>
+    <au:assertResourceContains
+        xmlns:au="antlib:org.apache.ant.antunit"
+        resource="${output}/bom.json"
+        value='"name" : "ant-cyclonedx"'/>
+    <au:assertResourceContains
+        xmlns:au="antlib:org.apache.ant.antunit"
+        resource="${output}/bom.json"
+        value='"version" : "0.1alpha"'/>
+    <au:assertResourceContains
+        xmlns:au="antlib:org.apache.ant.antunit"
+        resource="${output}/bom.json"
+        value='"description" : "Apache CycloneDX Antlib"'/>
+  </target>
+
+</project>
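Review bot: `testToolMetadata` hard-codes `value='"version" : "0.1alpha"'`, duplicating `artifact.version` from version.properties, so the test will fail on the next version change for a reason unrelated to the task. Loading the properties file in the test project and asserting on `${artifact.version}` would keep the two in sync; the relative path from the test directory to version.properties is not visible in this hunk. The three assertions also depend on the generator's exact pretty-print spacing (`"name" : "..."`) and would match those keys anywhere in the file, not only in the metadata tool entry, which is worth stating in a comment on the target.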
diff --git a/src/tests/antunit/shared.xml b/src/tests/antunit/shared.xml
new file mode 100644
index 0000000..270d84e
--- /dev/null
+++ b/src/tests/antunit/shared.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      https://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<project name="shared">
+  <property name="antunit.tmpdir" location="${java.io.tmpdir}"/>
+  <property name="input" location="${antunit.tmpdir}/testinput"/>
+  <property name="output" location="${antunit.tmpdir}/testoutput"/>
+
+  <target name="setUp">
+    <echo>${toString:classpath.test}</echo>
+    <typedef uri="antlib:org.apache.ant.antunit"
+      resource="org/apache/ant/antunit/antlib.xml"
+      classpathref="classpath.test"/>
+    <echo>${antlib.location}</echo>
+    <typedef uri="antlib:org.apache.ant.cyclonedx"
+      resource="org/apache/ant/cyclonedx/antlib.xml">
+      <classpath>
+        <path refid="classpath.test"/>
+        <pathelement location="${antlib.location}"/>
+      </classpath>
+    </typedef>
+  </target>
+
+  <target name="tearDown">
+    <delete dir="${input}"/>
+    <delete dir="${output}"/>
+  </target>
+</project>
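Review bot: `input` and `output` resolve to the fixed names `testinput` and `testoutput` directly under `${java.io.tmpdir}`, and `tearDown` deletes both directories recursively. On a shared build host, two concurrent runs, or another user's existing directory of the same name, would collide with the BOM the test writes and with the cleanup. Defaulting `antunit.tmpdir` to a directory inside the project's build output, or to a per-run unique directory, avoids that while still allowing an override from the command line. The two `<echo>` elements in `setUp` look like leftover debugging output.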
diff --git a/version.properties b/version.properties
new file mode 100644
index 0000000..5a5d361
--- /dev/null
+++ b/version.properties
@@ -0,0 +1,15 @@
+#  Licensed to the Apache Software Foundation (ASF) under one or more
+#  contributor license agreements.  See the NOTICE file distributed with
+#  this work for additional information regarding copyright ownership.
+#  The ASF licenses this file to You under the Apache License, Version 2.0
+#  (the "License"); you may not use this file except in compliance with
+#  the License.  You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+artifact.version=0.1alpha
