This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
The following commit(s) were added to refs/heads/main by this push:
new 450bf63 don't poison metadata cache with extra tool data
450bf63 is described below
commit 450bf638930e5b2c5ca5ca77577501fb7016a70c
Author: Stefan Bodewig <[email protected]>
AuthorDate: Sat May 30 18:13:19 2026 +0200
don't poison metadata cache with extra tool data
---
src/main/org/apache/ant/cyclonedx/ComponentBomTask.java | 14 ++++++++++----
src/tests/antunit/componentbom-test.xml | 6 +++---
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
b/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
index f559b95..261ac25 100644
--- a/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
+++ b/src/main/org/apache/ant/cyclonedx/ComponentBomTask.java
@@ -37,6 +37,7 @@ import org.cyclonedx.model.LifecycleChoice;
import org.cyclonedx.model.Lifecycles;
import org.cyclonedx.model.Metadata;
import org.cyclonedx.model.OrganizationalEntity;
+import org.cyclonedx.model.metadata.ToolInformation;
/**
* Task that creates CycloneDX BOMs for a single component.
@@ -296,14 +297,19 @@ public class ComponentBomTask extends Task {
private Metadata createMetadata() throws IOException {
Metadata meta = new Metadata();
meta.setTimestamp(new Date());
-
meta.setToolChoice(ToolData.getToolInformation(specVersion.getVersion()));
+ ToolInformation antlibToolInformation =
ToolData.getToolInformation(specVersion.getVersion());
if (!toolComponents.isEmpty()) {
List<org.cyclonedx.model.Component> tools =
- new ArrayList(meta.getToolChoice().getComponents());
+ new ArrayList(antlibToolInformation.getComponents());
for (Component c : toolComponents) {
- tools
.add(c.toAdditionalCycloneDxComponent(specVersion.getVersion()));
+
tools.add(c.toAdditionalCycloneDxComponent(specVersion.getVersion()));
}
- meta.getToolChoice().setComponents(tools);
+ ToolInformation ti = new ToolInformation();
+ ti.setComponents(tools);
+ ti.setServices(antlibToolInformation.getServices());
+ meta.setToolChoice(ti);
+ } else {
+ meta.setToolChoice(antlibToolInformation);
}
if (!licenses.isEmpty()) {
LicenseChoice lc = new LicenseChoice();
diff --git a/src/tests/antunit/componentbom-test.xml
b/src/tests/antunit/componentbom-test.xml
index 2361881..c71816e 100644
--- a/src/tests/antunit/componentbom-test.xml
+++ b/src/tests/antunit/componentbom-test.xml
@@ -54,7 +54,7 @@
value='"url" :
"https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git";'/>
</target>
- <target name="testToolMetadataInXmlFormat">
+ <target name="testToolMetadataInXmlFormat" depends="testMulipleTools">
<cdx:component name="testname" id="test"
xmlns:cdx="antlib:org.apache.ant.cyclonedx">
<file file="${antlib.location}"/>
@@ -131,10 +131,10 @@
<component name="test"/>
<toolComponent name="extra-tool"/>
</cdx:componentbom>
- <xmlproperty file="${output}/multi.xml"/>
+ <xmlproperty file="${output}/multi.xml" prefix="multi"/>
<au:assertPropertyEquals
xmlns:au="antlib:org.apache.ant.antunit"
- name="bom.metadata.tools.components.component.name"
+ name="multi.bom.metadata.tools.components.component.name"
value="ant-cyclonedx,extra-tool"/>
</target>
