Metadata not correct if used with conanfile.py

[weichslgartner]

When the conan project uses a conanfile.py instead of conanfile.txt the metadata is not correct.
With the following conanfile.py:

import os
from conans import ConanFile, CMake

class TestConan(ConanFile):
    name = "conan-test"
    version = "1.0.0"
    author = "John J. Smith (john.smith@company.com)"
    license = "MIT"
    settings = "os", "compiler", "build_type", "arch"
    generators = "cmake", "cmake_find_package"

    def requirements(self):
        self.requires("fmt/8.0.0")
        if os.environ.get("build_flag"):
            self.requires("ms-gsl/3.1.0")

it produce the following output (with command cyclonedx-conan conanfile.py):

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "serialNumber": "urn:uuid:7d5b053a-fa8b-44ac-9f2b-0bff188f01cc",
  "version": 1,
  "metadata": {
    "component": {
      "bom-ref": "unknown@0.0.0",
      "type": "application",
      "name": "unknown",
      "version": "0.0.0"
    }
  },
  "components": [
    {
      "bom-ref": "pkg:conan/conan-test@1.0.0?repository_url=localhost",
      "type": "library",
      "name": "conan-test",
      "version": "1.0.0",
      "purl": "pkg:conan/conan-test@1.0.0?repository_url=localhost"
    },
    {
      "bom-ref": "pkg:conan/fmt@8.0.0?repository_url=https://center.conan.io",
      "type": "library",
      "name": "fmt",
      "version": "8.0.0",
      "purl": "pkg:conan/fmt@8.0.0?repository_url=https://center.conan.io"
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:conan/conan-test@1.0.0?repository_url=localhost",
      "dependsOn": [
        "pkg:conan/fmt@8.0.0?repository_url=https://center.conan.io"
      ]
    },
    {
      "ref": "pkg:conan/fmt@8.0.0?repository_url=https://center.conan.io",
      "dependsOn": []
    }
  ]
}

"name" and "version" attributes are set not correctly as node.ref is None is never true.
I also think if the name is defined in the conanfile.py it is better to directly get this attribute from the conanfile instead from the folder name.

I tried to address this issue here:
https://github.com/weichslgartner/cyclonedx-conan/blob/a119c52ba1c6887787b24853a6d2d646d0e78911/src/command.py#L141

It should still work with conanfile.txt as shown in this test:
https://github.com/weichslgartner/cyclonedx-conan/blob/main/tests/test_command.py

I am happy to contribute a PR and open for feedback.

[andreas-hilti]

@weichslgartner I agree with you that the check for the root component:

node.ref is None

is wrong in combination with a conanfile.py.

#103 would be my proposal to fix it. It tries to stick with the original logic as much as possible, and it should then also produce correct "components" and "dependencies".

In addition, you also need to be careful as not all values (name, version, license, etc.) need to be specified in the conanfile.py

[weichslgartner]

@andreas-hilti I agree with you, additional fields from the conanfile.py should be also a separate PR. I will add additional checks (at the moment missing values are set to None, which would work for my use-case). Your PR is fine for solving this issue.