v4.0 (#321)

This became a so-called **meta-package**, it does not ship any own functionality, but it is a collection of dependencies.

This package's dependencies are tools with one purpose:
generate _CycloneDX_ Software Bill-of-Materials (SBOM) from _node_-based projects.

* for    _npm_-based projects: [`@cyclonedx/cyclonedx-npm`](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-npm)
* for   _yarn_-based projects: to be announced
* for   _pnpm_-based projects: to be announced
* for _parcel_-based projects: to be announced

You should not depend on this very package, but the actual tool that suites your specific ecosystem.

If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization,
then you might want to try [`@cyclonedx/cyclonedx-library`](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-library).



Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

.dockerignore

@@ -0,0 +1,10 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.{js,json,yml}]
+charset = utf-8
+indent_style = space
+indent_size = 2

.editorconfig

@@ -2,20 +2,9 @@
 
 version: 2
 updates:
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: 'weekly'
-      day: 'saturday'
-
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: 'weekly'
       day: 'saturday'
-
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: 'weekly'
-      day: 'saturday'
+  # this is a meta-package for npm - we dont update our dependencies

.eslintrc.js

@@ -3,118 +3,104 @@
 
 name: Node CI
 
-on: 
+on:
   push:
     branches: ["master"]
   pull_request:
   workflow_dispatch:
 
-
-env:
-  REPORTS_DIR: CI_reports
-  NODE_ACTIVE_LTS: "16"  # https://nodejs.org/en/about/releases/
-
+## As this project is a meta-package, there are no functionalities nor tests.
+## So the only responsibility that must be assured is: this project can be installed under all circumstances.
 jobs:
-  unit-test:
-    name: UnitTest (node${{ matrix.node-version }}, ${{ matrix.os }})
-    timeout-minutes: 30
+  test-npm-install:
+    name: NPM install (node${{ matrix.node-version }}, ${{ matrix.os }})
+    timeout-minutes: 5
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
         os: ["ubuntu-latest", "windows-latest", "macos-latest"]
-        node-version: 
+        node-version:
           # action based on https://github.com/actions/node-versions/releases
           # see also: https://nodejs.org/en/about/releases/
-          - "18"      # current
-          - "16"      # active LTS
-          - "14"
-          - "12"
-          - "12.0.0"  # lowest supported
-    env:
-      REPORTS_ARTIFACT: tests-reports
+          - "18"      # Current
+          - "16"      # Active LTS
+          - "14"      # Maintenance
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
         uses: actions/checkout@v3
-      - name: dir setup
-        run: mkdir ${{ env.REPORTS_DIR }}
       - name: Setup Node.js ${{ matrix.node-version }}
         # see https://github.com/actions/setup-node
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-          cache: "npm"
-          cache-dependency-path: "**/package-lock.json"
-      - name: display node version
-        run: node --version
       - name: install project
-        run: npm ci
-      - name: setup tests
-        run: npm run setup-tests
-      - name: run tests
         run: >
-          npm run test:jest --
-          --ci
-          --no-cache
-          --all
-          --reporters=default
-          --reporters=jest-junit
-          --coverage
-          --coverageDirectory="$JEST_COVERAGE_OUTPUT_DIR"
-          --coverageReporters="text"
-          --coverageReporters="clover"
-        env:
-          JEST_COVERAGE_OUTPUT_DIR: ${{ env.REPORTS_DIR }}/${{ matrix.os }}_${{ matrix.node-version }}
-          ## see https://www.npmjs.com/package/jest-junit
-          JEST_JUNIT_OUTPUT_DIR: ${{ env.REPORTS_DIR }}/${{ matrix.os }}_${{ matrix.node-version }}
-          JEST_JUNIT_OUTPUT_NAME: junit.xml
-      ## ! no npm build at the moment
-      - name: Artifact reports
-        if: ${{ ! cancelled() }}
-        # see https://github.com/actions/upload-artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ env.REPORTS_ARTIFACT }}
-          path: ${{ env.REPORTS_DIR }}
-          if-no-files-found: error
-
-  standards:
-    name: Standards
-    timeout-minutes: 30
-    runs-on: "ubuntu-latest"
+          npm install
+          --no-audit
+          --no-package-lock
+          --verbose
+      # proven: the package can be installed. that's enough for a meta-package
+  test-yarn-install:
+    name: YARN install (node${{ matrix.node-version }}, ${{ matrix.os }})
+    timeout-minutes: 5
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ["ubuntu-latest", "windows-latest", "macos-latest"]
+        node-version:
+          # action based on https://github.com/actions/node-versions/releases
+          # see also: https://nodejs.org/en/about/releases/
+          - "18"      # Current
+          - "16"      # Active LTS
+          - "14"      # Maintenance
     steps:
       - name: Checkout
-        # see https://github.com/actions/checkout
+        ## see https://github.com/actions/checkout
         uses: actions/checkout@v3
-      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+      - name: Setup Node.js ${{ matrix.node-version }}
         # see https://github.com/actions/setup-node
         uses: actions/setup-node@v3
         with:
-          node-version: ${{ env.NODE_ACTIVE_LTS }}
-          cache: "npm"
-          cache-dependency-path: "**/package-lock.json"
+          node-version: ${{ matrix.node-version }}
       - name: install project
-        run: npm ci
-      - name: run tests
-        run: npm run test:standard
-
-  jsdoc:
-    name: JSDoc
-    timeout-minutes: 30
-    runs-on: "ubuntu-latest"
+        run: > 
+          yarn install
+          --inline-builds
+      # proven: the package can be installed. that's enough for a meta-package
+  test-pnpm-install:
+    name: PNPM install (node${{ matrix.node-version }}, ${{ matrix.os }})
+    timeout-minutes: 5
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ "ubuntu-latest", "windows-latest", "macos-latest" ]
+        node-version:
+          # action based on https://github.com/actions/node-versions/releases
+          # see also: https://nodejs.org/en/about/releases/
+          - "18"      # Current
+          - "16"      # Active LTS
+          - "14"      # Maintenance
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
         uses: actions/checkout@v3
-      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+      - name: Setup Node.js ${{ matrix.node-version }}
         # see https://github.com/actions/setup-node
         uses: actions/setup-node@v3
         with:
-          node-version: ${{ env.NODE_ACTIVE_LTS }}
-          cache: "npm"
-          cache-dependency-path: "**/package-lock.json"
+          node-version: ${{ matrix.node-version }}
+      - name: setup pnpm
+        ## see https://github.com/pnpm/action-setup
+        uses: pnpm/[email protected]
+        with:
+          version: latest
       - name: install project
-        run: npm ci
-      - name: generate JSDoc
-        run: npm run generate-jsdocs
+        run: >
+          pnpm install
+          --no-lockfile
+          --verbose
+      # proven: the package can be installed. that's enough for a meta-package