This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
The following commit(s) were added to refs/heads/main by this push:
new 4c0b03d make supplier take the lead over manufacturer
4c0b03d is described below
commit 4c0b03d67f31411e19cb2e2b65e18d018126057e
Author: Stefan Bodewig <[email protected]>
AuthorDate: Tue May 26 18:21:23 2026 +0200
make supplier take the lead over manufacturer
---
build.xml | 10 ++---
docs/component.html | 16 ++++----
src/main/org/apache/ant/cyclonedx/Component.java | 52 ++++++++++++------------
src/main/org/apache/ant/cyclonedx/ToolData.java | 10 ++---
src/main/org/apache/ant/cyclonedx/antlib.xml | 4 +-
src/tests/antunit/component-test.xml | 44 ++++++++++----------
src/tests/antunit/componentbom-test.xml | 4 +-
src/tests/antunit/distributionbom-test.xml | 2 +-
8 files changed, 71 insertions(+), 71 deletions(-)
diff --git a/build.xml b/build.xml
index 4f838b7..24dcc88 100644
--- a/build.xml
+++ b/build.xml
@@ -131,9 +131,9 @@ under the License.
version="${artifact.version}"
description="Apache CycloneDX Antlib"
publisher="The Apache Software Foundation"
- manufacturerIsSupplier="true">
+ supplierIsManufacturer="true">
<file file="${jarname}"/>
- <manufacturer refid="ant-pmc"/>
+ <supplier refid="ant-pmc"/>
<license refid="apache-2"/>
<externalReferenceSet refid="ant-common-refs"/>
<externalReferenceSet refid="antlib-ext-refs"/>
@@ -146,7 +146,7 @@ under the License.
version="1.10.17"
isExternal="true"
id="ant">
- <manufacturer refid="ant-pmc"/>
+ <supplier refid="ant-pmc"/>
<license refid="apache-2"/>
<externalReferenceSet refid="ant-common-refs"/>
<externalReferenceSet refid="ant-ext-refs"/>
@@ -158,7 +158,7 @@ under the License.
version="1.10.17"
isExternal="true"
id="ant-launcher">
- <manufacturer refid="ant-pmc"/>
+ <supplier refid="ant-pmc"/>
<license refid="apache-2"/>
<externalReferenceSet refid="ant-common-refs"/>
<externalReferenceSet refid="ant-ext-refs"/>
@@ -304,7 +304,7 @@ under the License.
publisher="The Apache Software Foundation"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
<componentChildren>
- <manufacturer refid="ant-pmc"/>
+ <supplier refid="ant-pmc"/>
<license refid="apache-2"/>
<externalReferenceSet refid="ant-common-refs"/>
<externalReferenceSet refid="antlib-ext-refs"/>
diff --git a/docs/component.html b/docs/component.html
index 47f284f..12b5127 100644
--- a/docs/component.html
+++ b/docs/component.html
@@ -125,13 +125,13 @@ <h3>Attributes</h3>
<td>No</td>
</tr>
<tr>
- <td>manufacturerIsSupplier</td>
+ <td>supplierIsManufacturer</td>
<td>Whether the
- nested <a href="#manufacturer">manufacturer</a> shall be used
- as supplier as well.</td>
+ nested <a href="#supplier">supplier</a> shall be used
+ as manufacturer as well.</td>
<td>No - defaults to <code>false</code>. Must not
be <code>true</code> if a
- nested <a href="#supplier">supplier</a> exists.</td>
+ nested <a href="#manufacturer">manufacturer</a> exists.</td>
</tr>
<tr>
<td>unknownDependencies</td>
@@ -166,7 +166,7 @@ <h4 id="sbomLink">sbomLink</h4>
<code>mimeType</code> and <code>manufacturer</code> are taken
from the SBOM's metadata component unless they are explicitly
specified on the component element itself.</li>
- <li><code>supplier</code> is taken from the SBOM's metadata
+ <li><code>manufacturer</code> is taken from the SBOM's metadata
component unless it is explicitly specified on the component
element itself or <code>manufacturerissupplier</code>
is <code>true</code>.</li>
@@ -347,7 +347,7 @@ <h3>Examples</h3>
unknownDependencies="true"
id="ant"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
- <manufacturer refid="ant-team"/>
+ <supplier refid="ant-team"/>
<license refid="apache-2"/>
<externalReference
type="VCS"
@@ -362,10 +362,10 @@ <h3>Examples</h3>
version="0.1"
description="Apache CycloneDX Antlib"
publisher="The Apache Software Foundation"
- manufacturerIsSupplier="true"
+ supplierIsManufacturer="true"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
<file file="ant-antlibs-cyclonedx-0.1.jar"/>
- <manufacturer refid="ant-team"/>
+ <supplier refid="ant-team"/>
<license refid="apache-2"/>
<externalReferenceSet refid="antlib-ext-refs"/>
<dependency componentRef="ant"/>
diff --git a/src/main/org/apache/ant/cyclonedx/Component.java
b/src/main/org/apache/ant/cyclonedx/Component.java
index 0a26fbb..6baae2e 100644
--- a/src/main/org/apache/ant/cyclonedx/Component.java
+++ b/src/main/org/apache/ant/cyclonedx/Component.java
@@ -57,7 +57,7 @@ public class Component extends DataType {
private String copyright;
private Organization manufacturer = null;
private Organization supplier = null;
- private boolean manufacturerIsSupplier = false;
+ private boolean supplierIsManufacturer = false;
private List<org.cyclonedx.model.License> licenses = new ArrayList<>();
private String purl;
private String bomRef;
@@ -254,15 +254,15 @@ public class Component extends DataType {
}
/**
- * If set to {@code true} the manufacturer will also be used to
- * provide the supplier information.
+ * If set to {@code true} the supplier will also be used to
+ * provide the manufacturer information.
*
- * @param manufacturerIsSupplier whether to use manufacturer as
- * supplier as well
+ * @param supplierIsManufacturer whether to use supplier as
+ * manufacturer as well
*/
- public void setManufacturerIsSupplier(boolean manufacturerIsSupplier) {
+ public void setSupplierIsManufacturer(boolean supplierIsManufacturer) {
checkAttributesAllowed();
- this.manufacturerIsSupplier = manufacturerIsSupplier;
+ this.supplierIsManufacturer = supplierIsManufacturer;
}
/**
@@ -595,12 +595,12 @@ public class Component extends DataType {
if (!dependencies.isEmpty() && getBomRef() == null) {
throw new BuildException("components without bomRef cannot have
dependencies");
}
- if (manufacturerIsSupplier) {
- if (manufacturer == null) {
- throw new BuildException("component without manufacturer can't
use manufacturer as supplier");
+ if (supplierIsManufacturer) {
+ if (supplier == null) {
+ throw new BuildException("component without supplier can't use
supplier as manufacturer");
}
- if (supplier != null) {
- throw new BuildException("component with supplier can't use
manufacturer as supplier");
+ if (manufacturer != null) {
+ throw new BuildException("component with manufacturer can't
use supplier as manufacturer");
}
}
@@ -630,15 +630,15 @@ public class Component extends DataType {
if (mimeType != null) {
component.setMimeType(mimeType);
}
- if (manufacturer != null) {
- OrganizationalEntity oe = manufacturer.toOrganizationalEntity();
- component.setManufacturer(oe);
- if (manufacturerIsSupplier) {
- component.setSupplier(oe);
+ if (supplier != null) {
+ OrganizationalEntity oe = supplier.toOrganizationalEntity();
+ component.setSupplier(oe);
+ if (supplierIsManufacturer) {
+ component.setManufacturer(oe);
}
}
- if (supplier != null) {
- component.setSupplier(supplier.toOrganizationalEntity());
+ if (manufacturer != null) {
+ component.setManufacturer(manufacturer.toOrganizationalEntity());
}
String purl = getPurl();
if (purl != null) {
@@ -726,18 +726,18 @@ public class Component extends DataType {
if (mimeType == null) {
setMimeType(real.getMimeType());
}
- if (manufacturer == null) {
- OrganizationalEntity realManufacturer = real.getManufacturer();
- if (realManufacturer != null) {
- manufacturer = Organization.from(realManufacturer);
- }
- }
- if (supplier == null && !manufacturerIsSupplier) {
+ if (supplier == null) {
OrganizationalEntity realSupplier = real.getSupplier();
if (realSupplier != null) {
supplier = Organization.from(realSupplier);
}
}
+ if (manufacturer == null && !supplierIsManufacturer) {
+ OrganizationalEntity realManufacturer = real.getManufacturer();
+ if (realManufacturer != null) {
+ manufacturer = Organization.from(realManufacturer);
+ }
+ }
if (licenses.isEmpty()) {
LicenseChoice realLicenses = real.getLicenses();
if (realLicenses != null) {
diff --git a/src/main/org/apache/ant/cyclonedx/ToolData.java
b/src/main/org/apache/ant/cyclonedx/ToolData.java
index 245caca..bc2345a 100644
--- a/src/main/org/apache/ant/cyclonedx/ToolData.java
+++ b/src/main/org/apache/ant/cyclonedx/ToolData.java
@@ -45,11 +45,11 @@ class ToolData {
antlibComponent.setDescription("Apache CycloneDX Antlib");
antlibComponent.setPublisher("The Apache Software Foundation");
- Organization manufacturer = new Organization();
- manufacturer.setName("Apache Ant Project Management Committee");
- manufacturer.addConfiguredUrl(new
URLResource("https://ant.apache.org/";));
- antlibComponent.addManufacturer(manufacturer);
- antlibComponent.setManufacturerIsSupplier(true);
+ Organization supplier = new Organization();
+ supplier.setName("Apache Ant Project Management Committee");
+ supplier.addConfiguredUrl(new URLResource("https://ant.apache.org/";));
+ antlibComponent.addSupplier(supplier);
+ antlibComponent.setSupplierIsManufacturer(true);
License license = new License();
license.setLicenseId("Apache-2.0");
diff --git a/src/main/org/apache/ant/cyclonedx/antlib.xml
b/src/main/org/apache/ant/cyclonedx/antlib.xml
index a3385bf..40a204d 100644
--- a/src/main/org/apache/ant/cyclonedx/antlib.xml
+++ b/src/main/org/apache/ant/cyclonedx/antlib.xml
@@ -40,7 +40,7 @@ under the License.
<attribute name="componentType" default="file"/>
<attribute name="format" default="all"/>
<attribute name="useComponentSupplier" default="true"/>
- <attribute name="manufacturerIsSupplier" default="true"/>
+ <attribute name="supplierIsManufacturer" default="true"/>
<element name="archiveContent"/>
<element name="componentChildren" optional="true"/>
<element name="additionalBomContent" optional="true"/>
@@ -57,7 +57,7 @@ under the License.
description="@{description}"
publisher="@{publisher}"
type="@{componentType}"
- manufacturerIsSupplier="@{manufacturerIsSupplier}">
+ supplierIsManufacturer="@{supplierIsManufacturer}">
<file file="@{archiveLocation}"
unless:blank="@{archiveLocation}" xmlns:unless="ant:unless"/>
<componentChildren/>
diff --git a/src/tests/antunit/component-test.xml
b/src/tests/antunit/component-test.xml
index d6e62b3..bc03687 100644
--- a/src/tests/antunit/component-test.xml
+++ b/src/tests/antunit/component-test.xml
@@ -354,39 +354,39 @@
value="some-dependency"/>
</target>
- <target name="testManufacturerIsNotCopiedToSupplierByDefault">
+ <target name="testSupplierIsNotCopiedToManufacturerByDefault">
<cdx:componentbom outputdirectory="${output}" format="xml"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
<component name="foo">
- <manufacturer name="Example">
+ <supplier name="Example">
<url url="https://example.com/"/>
- </manufacturer>
+ </supplier>
</component>
</cdx:componentbom>
<xmlproperty file="${output}/bom.xml"/>
<au:assertPropertyEquals
xmlns:au="antlib:org.apache.ant.antunit"
- name="bom.metadata.component.manufacturer.name"
+ name="bom.metadata.component.supplier.name"
value="Example"/>
<au:assertPropertyEquals
xmlns:au="antlib:org.apache.ant.antunit"
- name="bom.metadata.component.manufacturer.url"
+ name="bom.metadata.component.supplier.url"
value="https://example.com/"/>
- <au:fail message="expected bom.metadata.components.component.supplier.name
to not be set"
+ <au:fail message="expected
bom.metadata.components.component.manufacturer.name to not be set"
xmlns:au="antlib:org.apache.ant.antunit">
<not>
- <isset property="bom.metadata.component.supplier.name"/>
+ <isset property="bom.metadata.component.manufacturer.name"/>
</not>
</au:fail>
</target>
- <target name="testManufacturerIsCopiedToSupplierWhenRequested">
+ <target name="testSupplierIsCopiedToManufacturerWhenRequested">
<cdx:componentbom outputdirectory="${output}" format="xml"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
- <component name="foo" manufacturerIsSupplier="true">
- <manufacturer name="Example">
+ <component name="foo" supplierIsManufacturer="true">
+ <supplier name="Example">
<url url="https://example.com/"/>
- </manufacturer>
+ </supplier>
</component>
</cdx:componentbom>
<xmlproperty file="${output}/bom.xml"/>
@@ -408,12 +408,12 @@
value="https://example.com/"/>
</target>
- <target name="testManufacturerIsSupplierMustNotBeTrueWhenSupplierIsPresent">
- <au:expectfailure expectedMessage="component with supplier can't use
manufacturer as supplier"
+ <target name="testSupplierIsManufacturerMustNotBeTrueWhenSupplierIsPresent">
+ <au:expectfailure expectedMessage="component with manufacturer can't use
supplier as manufacturer"
xmlns:au="antlib:org.apache.ant.antunit">
<cdx:componentbom outputdirectory="${output}" format="xml"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
- <component name="foo" manufacturerIsSupplier="true">
+ <component name="foo" supplierIsManufacturer="true">
<manufacturer name="Example">
<url url="https://example.com/"/>
</manufacturer>
@@ -687,7 +687,7 @@
<au:expectfailure
expectedMessage='You must not specify more than one attribute when
using refid'
xmlns:au="antlib:org.apache.ant.antunit">
- <cdx:component manufacturerIsSupplier="false" refid="foo"
+ <cdx:component supplierIsManufacturer="false" refid="foo"
xmlns:cdx="antlib:org.apache.ant.cyclonedx"/>
</au:expectfailure>
</target>
@@ -934,14 +934,14 @@
</target>
<target
- name="testSbomLinkDoesNotUseLinkedSupplierIfManufacturerIsSupplier"
+ name="testSbomLinkDoesNotUseLinkedManufacturerIfSupplierIsManufacturer"
depends="createMaximalComponentData">
<cdx:componentbom
bomName="merged"
outputdirectory="${output}"
format="xml"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
- <component manufacturerIsSupplier="true">
+ <component supplierIsManufacturer="true">
<sbomLink>
<file file="${output}/bom.json"/>
</sbomLink>
@@ -951,23 +951,23 @@
<au:assertPropertyEquals
xmlns:au="antlib:org.apache.ant.antunit"
name="bom.metadata.component.manufacturer.name"
- value="Example"/>
+ value="Example 2"/>
<au:assertPropertyEquals
xmlns:au="antlib:org.apache.ant.antunit"
name="bom.metadata.component.manufacturer.url"
- value="https://example.org/"/>
+ value="https://example.com/"/>
<au:assertPropertyEquals
xmlns:au="antlib:org.apache.ant.antunit"
name="bom.metadata.component.supplier.name"
- value="Example"/>
+ value="Example 2"/>
<au:assertPropertyEquals
xmlns:au="antlib:org.apache.ant.antunit"
name="bom.metadata.component.supplier.url"
- value="https://example.org/"/>
+ value="https://example.com/"/>
</target>
<target
- name="testDataFromLinkedSbomCanBeOverwerittenOrMerged"
+ name="testDataFromLinkedSbomCanBeOverwrittenOrMerged"
depends="createMaximalComponentData">
<cdx:componentbom
bomName="merged"
diff --git a/src/tests/antunit/componentbom-test.xml
b/src/tests/antunit/componentbom-test.xml
index 40a8cfa..b0b5ac6 100644
--- a/src/tests/antunit/componentbom-test.xml
+++ b/src/tests/antunit/componentbom-test.xml
@@ -436,9 +436,9 @@
version="${artifact.version}"
description="Apache CycloneDX Antlib"
publisher="The Apache Software Foundation"
- manufacturerIsSupplier="true">
+ supplierIsManufacturer="true">
<file file="${antlib.location}"/>
- <manufacturer refid="ant-team"/>
+ <supplier refid="ant-team"/>
<license refid="apache-2"/>
<externalReferenceSet refid="antlib-ext-refs"/>
<dependency componentRef="ant"/>
diff --git a/src/tests/antunit/distributionbom-test.xml
b/src/tests/antunit/distributionbom-test.xml
index cc84c7a..c92c84f 100644
--- a/src/tests/antunit/distributionbom-test.xml
+++ b/src/tests/antunit/distributionbom-test.xml
@@ -30,7 +30,7 @@
outputdirectory="${output}"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
<componentChildren>
- <manufacturer refid="ant-team"/>
+ <supplier refid="ant-team"/>
<license refid="apache-2"/>
<externalReferenceSet refid="antlib-ext-refs"/>
</componentChildren>
