This is an automated email from the ASF dual-hosted git repository. asf-gitbox-commits pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git
commit 3b548b65dc4b1abef771f1bc5a203f8162952952 Author: Stefan Bodewig <[email protected]> AuthorDate: Sun Jun 21 10:41:42 2026 +0200 extract macrodef defined at least four times now into a task provided by the antlib --- build.xml | 57 +------ changes.xml | 4 + docs/archivebom.html | 236 +++++++++++++++++++++++++++ docs/componentbom.html | 2 +- docs/index.html | 4 + src/main/org/apache/ant/cyclonedx/antlib.xml | 51 +++++- src/tests/antunit/archivebom-test.xml | 141 ++++++++++++++++ src/tests/antunit/distributionbom-test.xml | 102 ------------ 8 files changed, 443 insertions(+), 154 deletions(-) diff --git a/build.xml b/build.xml index a8b4f59..0660878 100644 --- a/build.xml +++ b/build.xml @@ -212,49 +212,6 @@ under the License. <target name="ready-for-bin-dist" depends="create-antlib-sbom,common.ready-for-bin-dist"/> <target name="after-dist" depends="define-cyclonedx-components"> - <macrodef name="distributionbom" backtrace="false"> - <attribute name="version"/> - <attribute name="archiveName"/> - <attribute name="archiveUrl"/> - <attribute name="archiveLocation" default=""/> - <attribute name="outputDirectory"/> - <attribute name="description"/> - <attribute name="publisher"/> - <attribute name="componentType" default="file"/> - <attribute name="format" default="all"/> - <attribute name="useComponentManufacturer" default="true"/> - <attribute name="useComponentSupplier" default="true"/> - <attribute name="supplierIsManufacturer" default="true"/> - <element name="archiveContent"/> - <element name="componentChildren" optional="true"/> - <element name="additionalBomContent" optional="true"/> - <sequential - xmlns:cdx="antlib:org.apache.ant.cyclonedx"> - <cdx:componentbom - bomName="@{archiveName}.cdx" - outputdirectory="@{outputDirectory}" - format="@{format}" - useComponentManufacturer="@{useComponentManufacturer}" - useComponentSupplier="@{useComponentSupplier}"> - <component - version="@{version}" - purl="@{archiveUrl}" - name="@{archiveUrl}" - description="@{description}" - publisher="@{publisher}" - type="@{componentType}" - supplierIsManufacturer="@{supplierIsManufacturer}"> - <file file="@{archiveLocation}" - unless:blank="@{archiveLocation}" xmlns:unless="ant:unless"/> - <componentChildren/> - </component> - <pureFileComponents> - <archiveContent/> - </pureFileComponents> - <additionalBomContent/> - </cdx:componentbom> - </sequential> - </macrodef> <macrodef name="create-tarball-bom"> <attribute name="distdir"/> <attribute name="distbase"/> @@ -264,23 +221,23 @@ under the License. <attribute name="ext"/> <element name="moreComponentChildren" implicit="true" optional="true"/> <sequential> - <distributionbom + <cdx:archivebom outputdirectory="@{distbase}" - version="${artifact.version}" - archiveName="${dist.name}-@{binsrc}.@{ext}" - archiveUrl="https://archive.apache.org/dist/ant/antlibs/cyclonedx/@{subdir}/${dist.name}-@{binsrc}.@{ext}"; + archiveVersion="${artifact.version}" + bomName="${dist.name}-@{binsrc}.@{ext}.cdx" + purl="https://archive.apache.org/dist/ant/antlibs/cyclonedx/@{subdir}/${dist.name}-@{binsrc}.@{ext}"; archiveLocation="@{distbase}/${dist.name}-@{binsrc}.@{ext}" description="Apache CycloneDX Antlib @{binarysource}" publisher="The Apache Software Foundation" xmlns:cdx="antlib:org.apache.ant.cyclonedx"> - <componentChildren> + <additionalComponentChildren> <supplier refid="ant-pmc"/> <license refid="apache-2"/> <externalReferenceSet refid="ant-common-refs"/> <externalReferenceSet refid="antlibs-common-ext-refs"/> <externalReferenceSet refid="antlib-ext-refs"/> <moreComponentChildren/> - </componentChildren> + </additionalComponentChildren> <archiveContent> <fileset dir="@{distdir}/.."> <include name="${dist.name}/**"/> @@ -289,7 +246,7 @@ under the License. <additionalBomContent> <license refid="apache-2"/> </additionalBomContent> - </distributionbom> + </cdx:archivebom> </sequential> </macrodef> <macrodef name="create-tarball-boms"> diff --git a/changes.xml b/changes.xml index e1a2285..8bec624 100644 --- a/changes.xml +++ b/changes.xml @@ -68,6 +68,10 @@ nested element. Other tasks and types may bypass the mapped name if they can go to the underlying files directly. </action> + <action type="add"> + A new specialized task "archivebom" simplifies creation of SBOMs + for distribution zips/tarballs by providing a few defaults. + </action> </release> <release version="0.1" date="2026-06-03" description="initial release"> diff --git a/docs/archivebom.html b/docs/archivebom.html new file mode 100644 index 0000000..11282cd --- /dev/null +++ b/docs/archivebom.html @@ -0,0 +1,236 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<html> + <head> + <meta http-equiv="Content-Language" content="en-us"></meta> + <link rel="stylesheet" type="text/css" href="style.css"> + <title>Apache CycloneDX Ant Library - archivebom Task</title> + </head> + + <body> + <h2 id="archivebom">archivebom Task</h2> + + <p><em>since CycloneDX Antlib 0.2</em></p> + + <p>The <code>archivebom</code> task is a speciailization of the + <a href="componentbom.html"><code>componentbom</code></a> task + tailored to SBOMs created for zips or tarballs of software + distributions. It creates a nested component of the SBOM based + on some extra attibutes and expects contents that are turned + into <a href="componentbom.html#pureFileComponents">componentbom's + pureFileComponents</a>.</p> + + <p>Some defaults differ from those of <code>componentbom</code>, + the component type will by "file" for example. The task also + assumes you will at least specify a <code>supplier</code> of the + archive component via the nested + <a href="#additionalComponentChildren"><code>additionalComponentChildren</code></a> + element and want to use that as manufacturer of the component as + well as both the supplier and manufacturer of the SBOM + itself. If this is not what you intend, you may need to + explicitly + set <code>useComponentSupplier</code>, <code>useComponentManufacturer</code> + or <code>supplierIsManufacturer</code>.</p> + + <p>The component of the SBOM requires + <code>archiveVersion</code> as well as <code>purl</code> - the + later is also used as the component's name. The group of the + archive component will not be set.</p> + + <h3>Attributes</h3> + + <table class="attr"> + <tr> + <th scope="col">Attribute</th> + <th scope="col">Description</th> + <th scope="col">Required</th> + </tr> + <tr> + <td>specVersion</td> + <td>Version of the CycloneDX specification for the generated + SBOM. This can be specified as number (like "1.6") or one of + the enum constants of the <code>org.cyclonedx.Version</code> + type (i.e. like "VERSION_16").<br/> + The supported values depend on the CycloneDX Core (Java) + library version used. + </td> + <td>No, defaults to "1.6" in the current version of the Ant + library but this may change in future versions.</td> + </tr> + <tr> + <td>format</td> + <td>The format of the SBOM(s) to write. May be "json", "xml" + (or rather the enum constants of + the <code>org.cyclonedx.Format</code> type and their file + extensions) or the special value "all". <br/> + For spec version 1.2 and later "all" means both "json" and + "xml" (so the task will create two files), for "1.0" and + "1.1" it is equivalent to "xml".<br/> + The supported values depend on the CycloneDX Core (Java) + library version used. + </td> + <td>No, defaults to "json".</td> + </tr> + <tr> + <td>bomName</td> + <td>The base name of the generated SBOM file. The full file + name will be <em>bomName</em>.<em>format</em>.</td> + <td>No, defaults to "bom".</td> + </tr> + <tr> + <td>outputDirectory</td> + <td>Sets the directory where the SBOM file(s) will be written + to. Relative paths are relative to the project's base + directory</td> + <td>No, defaults to the project's <code>basedir</code>.</td> + </tr> + <tr> + <td>componentType</td> + <td>The type of the component. Valid types are defined by the + <a href="https://cyclonedx.org/docs/1.7/json/#metadata_tools_oneOf_i0_components_items_type";>CycloneDX + specification</a>.</td> + <td>No, the default is "file"</td> + </tr> + <tr> + <td>archiveVersion</td> + <td>The version of the component.</td> + <td>Yes</td> + </tr> + <tr> + <td>purl</td> + <td>The <a href="https://github.com/package-url/purl-spec";>Package-URL + (purl)</a> of the component. Will also be used as the + component's name.</td> + <td>Yes.</td> + </tr> + <tr> + <td>description</td> + <td>The description of the component.</td> + <td>Yes</td> + </tr> + <tr> + <td>publisher</td> + <td>The publisher of the component.</td> + <td>Yes</td> + </tr> + <tr> + <td>archiveLocation</td> + <td>File location of the archive that the SBOM is created + for. Will be used to calculate hashes.</td> + <td>No</td> + </tr> + <tr> + <td>useComponentSupplier</td> + <td>If set to <code>true</code> the supplier of the SBOM's + main component will be used for the SBOM itself.<br/> If + this is <code>true</code> the main component must specify a + supplier. Also you must not use a + nested <code>additionalBomContent/supplier</code> child for + this task if this is + <code>true</code>.</td> + <td>No, defaults to <code>true</code>.</td> + </tr> + <tr> + <td>useComponentManufacturer</td> + <td>If set to <code>true</code> the manufacturer of the SBOM's + main component will be used for the SBOM itself.<br/> If + this is <code>true</code> the main component must specify a + manufacturer. Also you must not use a + nested <code>additionalBomContent/manufacturer</code> child + for this task if this is + <code>true</code>.</td> + <td>No, defaults to <code>true</code>.</td> + </tr> + <tr> + <td>supplierIsManufacturer</td> + <td>Whether the nested component's <code>supplier</code> shall + be used as manufacturer as well.</td> + <td>No - defaults to <code>true</code>. Must not + be <code>true</code> if a + nested <code>additionalComponentChildren/manufacturer</code> + exists.</td> + </tr> + </table> + + <h3>Nested elements</h3> + + <h4 id="archiveContent">archiveContent</h4> + + <p>At least one nested <code>archiveContent</code> nested element + is required.</p> + + <p><code>archiveContent</code> is a container for arbitrary + resources or resource collections. Only file-system resources + are allowed.</p> + + <p>Each file contained in the nested children will be added as + component of type <code>file</code> to the SBOM. The name will + be the (relative) file name and hashes are calculated.</p> + + <p>This maps + to <code>componentbom</code>'s <a href="componentbom.html#pureFileComponents">pureFileComponents</a>.</p> + + <h4 id="additionalComponentChildren">additionalComponentChildren</h4> + + <p>Is a container for arbitrary nested elements + a <a href="component.html">component</a> supports. The nested + element specified here are added to the SBOM's main + component.</p> + + <h4 id="additionalBomContent">additionalBomContent</h4> + + <p>Is a container for arbitrary nested elements + the <a href="componentbom.html">componentbom</a> task + supports..</p> + + <h3>Examples</h3> + + <p>The following task could be used to create the SBOM of the + source tarball of this Ant library:</p> + + <pre> + <cdx:archivebom + bomName="ant-cyclonedx-${artifact.version}-src.tar.cdx" + outputdirectory="${output}" + format="all" + purl="ant-cyclonedx-src.tar" + archiveVersion="${artifact.version}" + description="Apache CycloneDX Antlib Source Distribution" + publisher="The Apache Software Foundation" + xmlns:cdx="antlib:org.apache.ant.cyclonedx"> + <additionalComponentChildren> + <manufacturer refid="ant-team"/> + <license refid="apache-2"/> + <externalReferenceSet refid="antlib-ext-refs"/> + </additionalComponentChildren> + <archiveContent> + <fileset dir="../../.."> + <exclude name="build/"/> + <exclude name="docs/style.css"/> + <exclude name="ivy/"/> + <exclude name="lib/"/> + <exclude name="target/"/> + <exclude name="examples/"/> + </fileset> + </archiveContent> + <additionalBomContent> + <license refid="apache-2"/> + </additionalBomContent> + </cdx:archivebom> + </pre> + </body> +</html> diff --git a/docs/componentbom.html b/docs/componentbom.html index 5858ada..ad77138 100644 --- a/docs/componentbom.html +++ b/docs/componentbom.html @@ -183,7 +183,7 @@ <h3>Examples</h3> <pre> <cdx:componentbom - bomName="ant-cyclonedx-${artifact.version}-src.tar-cyclonedx" + bomName="ant-cyclonedx-${artifact.version}-src.tar.cdx" outputdirectory="${output}" format="all" useComponentSupplier="true" diff --git a/docs/index.html b/docs/index.html index 698e5c3..c3ee445 100644 --- a/docs/index.html +++ b/docs/index.html @@ -66,6 +66,10 @@ <h2>Tasks and Types provided by this Ant Library</h2> because you are publishing multiple components or package them in multiple artifacts for example.</p> + <p>The <a href="archivebom.html">archivebom</a> task is a + specialization of componentbom for zips or tarballs of software + artifacts.</p> + <p>The types provided by the library are:</p> <ul> <li><a href="component.html">component</a></li> diff --git a/src/main/org/apache/ant/cyclonedx/antlib.xml b/src/main/org/apache/ant/cyclonedx/antlib.xml index 82a7f72..42a9c13 100644 --- a/src/main/org/apache/ant/cyclonedx/antlib.xml +++ b/src/main/org/apache/ant/cyclonedx/antlib.xml @@ -17,7 +17,7 @@ KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> -<antlib xmlns:cdx="ant:current"> +<antlib xmlns:cdx="ant:current" xmlns:unless="ant:unless"> <taskdef name="componentbom" classname="org.apache.ant.cyclonedx.ComponentBomTask"/> <typedef name="component" @@ -32,4 +32,53 @@ under the License. classname="org.apache.ant.cyclonedx.PropertySet"/> <typedef name="fsonlymappedresources" classname="org.apache.ant.cyclonedx.FilesystemOnlyMappedResourceCollection"/> + + <!-- extracted after writing very similar macros for antlibs, Ivy + and Ant itself --> + <macrodef name="archivebom" backtrace="false"> + <attribute name="specVersion" default="1.6"/> + <attribute name="format" default="json"/> + <attribute name="bomName" default="bom"/> + <attribute name="outputDirectory" default="${basedir}"/> + <attribute name="useComponentManufacturer" default="true"/> + <attribute name="useComponentSupplier" default="true"/> + + <attribute name="componentType" default="file"/> + <attribute name="archiveVersion"/> + <attribute name="purl"/> + <attribute name="description"/> + <attribute name="publisher"/> + <attribute name="supplierIsManufacturer" default="true"/> + + <attribute name="archiveLocation" default=""/> + + <element name="archiveContent"/> + <element name="additionalComponentChildren" optional="true"/> + <element name="additionalBomContent" optional="true"/> + <sequential> + <cdx:componentbom + specVersion="@{specVersion}" + bomName="@{bomName}" + outputdirectory="@{outputDirectory}" + format="@{format}" + useComponentManufacturer="@{useComponentManufacturer}" + useComponentSupplier="@{useComponentSupplier}"> + <component + version="@{archiveVersion}" + purl="@{purl}" + name="@{purl}" + description="@{description}" + publisher="@{publisher}" + type="@{componentType}" + supplierIsManufacturer="@{supplierIsManufacturer}"> + <file file="@{archiveLocation}" unless:blank="@{archiveLocation}"/> + <additionalComponentChildren/> + </component> + <pureFileComponents> + <archiveContent/> + </pureFileComponents> + <additionalBomContent/> + </cdx:componentbom> + </sequential> + </macrodef> </antlib> diff --git a/src/tests/antunit/archivebom-test.xml b/src/tests/antunit/archivebom-test.xml new file mode 100644 index 0000000..947b940 --- /dev/null +++ b/src/tests/antunit/archivebom-test.xml @@ -0,0 +1,141 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project name="archivebom-test" default="antunit"> + + <import file="shared.xml" /> + + <target name="testAntlibsSourceTarball" depends="commonReferences"> + <tar destfile="${output}/ant-cyclonedx-${artifact.version}-src.tar"> + <fileset dir="../../.." id="sources"> + <exclude name="build/"/> + <exclude name="docs/style.css"/> + <exclude name="ivy/"/> + <exclude name="lib/"/> + <exclude name="target/"/> + <exclude name="examples/"/> + </fileset> + </tar> + <checksum property="archive.sha256" + file="${output}/ant-cyclonedx-${artifact.version}-src.tar" + algorithm="SHA-256"/> + <cdx:archivebom + archiveVersion="${artifact.version}" + format="xml" + bomName="ant-cyclonedx-${artifact.version}-src.tar.cdx" + purl="ant-cyclonedx-src.tar" + description="Apache CycloneDX Antlib Source Distribution" + publisher="The Apache Software Foundation" + outputdirectory="${output}" + archiveLocation="${output}/ant-cyclonedx-${artifact.version}-src.tar" + xmlns:cdx="antlib:org.apache.ant.cyclonedx"> + <additionalComponentChildren> + <supplier refid="ant-team"/> + <license refid="apache-2"/> + <externalReferenceSet refid="antlib-ext-refs"/> + </additionalComponentChildren> + <archiveContent> + <fileset refid="sources"/> + </archiveContent> + <additionalBomContent> + <license refid="apache-2"/> + </additionalBomContent> + </cdx:archivebom> + <xmlproperty file="${output}/ant-cyclonedx-${artifact.version}-src.tar.cdx.xml"/> + <au:assertPropertyEquals + xmlns:au="antlib:org.apache.ant.antunit" + name="bom.metadata.component(type)" + value="file"/> + <au:assertPropertyEquals + xmlns:au="antlib:org.apache.ant.antunit" + name="bom.metadata.component(bom-ref)" + value="ant-cyclonedx-src.tar"/> + <au:assertPropertyEquals + xmlns:au="antlib:org.apache.ant.antunit" + name="bom.metadata.component.purl" + value="ant-cyclonedx-src.tar"/> + <au:assertPropertyEquals + xmlns:au="antlib:org.apache.ant.antunit" + name="bom.metadata.component.name" + value="ant-cyclonedx-src.tar"/> + <au:assertPropertyEquals + xmlns:au="antlib:org.apache.ant.antunit" + name="bom.metadata.component.version" + value="${artifact.version}"/> + <au:assertPropertySet + xmlns:au="antlib:org.apache.ant.antunit" + name="bom.metadata.component.hashes.hash"/> + <au:assertResourceContains + xmlns:au="antlib:org.apache.ant.antunit" + resource="${output}/ant-cyclonedx-${artifact.version}-src.tar.cdx.xml" + value='<hash alg="SHA-256">${archive.sha256}</hash>'/> + <copy todir="${java.io.tmpdir}"> + <fileset dir="${output}" includes="ant-cyclonedx*"/> + </copy> + </target> + + <target name="testArchiveLocationIsOptional"> + <cdx:archivebom + archiveVersion="${artifact.version}" + format="all" + bomName="ant-cyclonedx-${artifact.version}-src.tar.cdx" + purl="ant-cyclonedx-src.tar" + description="Apache CycloneDX Antlib Source Distribution" + publisher="The Apache Software Foundation" + outputdirectory="${output}" + supplierIsManufacturer="false" + useComponentSupplier="false" + useComponentManufacturer="false" + xmlns:cdx="antlib:org.apache.ant.cyclonedx"> + <archiveContent> + <fileset dir="../../.." id="sources"> + <exclude name="build/"/> + <exclude name="docs/style.css"/> + <exclude name="ivy/"/> + <exclude name="lib/"/> + <exclude name="target/"/> + <exclude name="examples/"/> + </fileset> + </archiveContent> + </cdx:archivebom> + <xmlproperty file="${output}/ant-cyclonedx-${artifact.version}-src.tar.cdx.xml"/> + <au:assertPropertyNotSet + xmlns:au="antlib:org.apache.ant.antunit" + name="bom.metadata.component.hashes.hash"/> + </target> + + <target name="testOutputDirectoryDefaultsToBaseDir" depends="commonReferences"> + <cdx:archivebom + archiveVersion="1.0" + purl="foo.tar.gz" + description="test" + publisher="test" + xmlns:cdx="antlib:org.apache.ant.cyclonedx"> + <archivecontent/> + <additionalComponentChildren> + <supplier refid="ant-team"/> + </additionalComponentChildren> + </cdx:archivebom> + <condition property="file-exists"> + <available file="bom.json"/> + </condition> + <delete file="bom.json" failonerror="false" deleteonexit="true"/> + <au:assertPropertySet name="file-exists" + xmlns:au="antlib:org.apache.ant.antunit"/> + </target> + +</project> diff --git a/src/tests/antunit/distributionbom-test.xml b/src/tests/antunit/distributionbom-test.xml deleted file mode 100644 index 81a9fd7..0000000 --- a/src/tests/antunit/distributionbom-test.xml +++ /dev/null @@ -1,102 +0,0 @@ -<?xml version="1.0"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<project name="distributionbom-test" default="antunit"> - - <import file="shared.xml" /> - - <target name="setUp" depends="shared.setUp"> - <!-- this is a candidate for becoming a atask of the Antlib but - things are a bit unstable right now --> - <macrodef name="distributionbom" backtrace="false"> - <attribute name="version"/> - <attribute name="archiveName"/> - <attribute name="archiveUrl"/> - <attribute name="archiveLocation" default=""/> - <attribute name="outputDirectory"/> - <attribute name="description"/> - <attribute name="publisher"/> - <attribute name="componentType" default="file"/> - <attribute name="format" default="all"/> - <attribute name="useComponentSupplier" default="true"/> - <attribute name="useComponentManufacturer" default="true"/> - <attribute name="supplierIsManufacturer" default="true"/> - <element name="archiveContent"/> - <element name="componentChildren" optional="true"/> - <element name="additionalBomContent" optional="true"/> - <sequential - xmlns:cdx="antlib:org.apache.ant.cyclonedx"> - <cdx:componentbom - bomName="@{archiveName}.cyclonedx" - outputdirectory="@{outputDirectory}" - format="@{format}" - useComponentSupplier="@{useComponentSupplier}" - useComponentManufacturer="@{useComponentManufacturer}"> - <component - version="@{version}" - purl="@{archiveUrl}" - name="@{archiveUrl}" - description="@{description}" - publisher="@{publisher}" - type="@{componentType}" - supplierIsManufacturer="@{supplierIsManufacturer}"> - <file file="@{archiveLocation}" - unless:blank="@{archiveLocation}" xmlns:unless="ant:unless"/> - <componentChildren/> - </component> - <pureFileComponents> - <archiveContent/> - </pureFileComponents> - <additionalBomContent/> - </cdx:componentbom> - </sequential> - </macrodef> - </target> - - <target name="testAntlibsSourceTarball" depends="commonReferences"> - <distributionbom - version="${artifact.version}" - archiveName="ant-cyclonedx-${artifact.version}-src.tar" - archiveUrl="ant-cyclonedx-src.tar" - description="Apache CycloneDX Antlib Source Distribution" - publisher="The Apache Software Foundation" - outputdirectory="${output}"> - <componentChildren> - <supplier refid="ant-team"/> - <license refid="apache-2"/> - <externalReferenceSet refid="antlib-ext-refs"/> - </componentChildren> - <archiveContent> - <fileset dir="../../.."> - <exclude name="build/"/> - <exclude name="docs/style.css"/> - <exclude name="ivy/"/> - <exclude name="lib/"/> - <exclude name="target/"/> - <exclude name="examples/"/> - </fileset> - </archiveContent> - <additionalBomContent> - <license refid="apache-2"/> - </additionalBomContent> - </distributionbom> - <copy todir="${java.io.tmpdir}"> - <fileset dir="${output}" includes="ant-cyclonedx*"/> - </copy> - </target> - -</project>
