From ce23b0f73f65a868b74de47a50d1e383a6f705d6 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Mon, 23 Sep 2024 11:08:18 +0200 Subject: [PATCH 1/2] chore: trusted publishing Signed-off-by: Jan Kowalleck --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 50202425..90be2059 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -120,7 +120,7 @@ jobs: # see https://github.com/pypa/gh-action-pypi-publish uses: pypa/gh-action-pypi-publish@release/v1 with: - password: ${{ secrets.PYPI_TOKEN }} + attestations: true - name: Publish package distributions to GitHub Releases if: steps.release.outputs.released == 'true' From ea12771edfe3722ec07440e7b2e2a8c4b6290145 Mon Sep 17 00:00:00 2001 From: semantic-release Date: Mon, 23 Sep 2024 09:14:06 +0000 Subject: [PATCH 2/2] chore(release): 8.0.0-alpha.1 Automatically generated by python-semantic-release Signed-off-by: semantic-release --- CHANGELOG.md | 114 ++++++++++++++++++++++++++++++++++++++++++ cyclonedx/__init__.py | 2 +- docs/conf.py | 2 +- pyproject.toml | 2 +- 4 files changed, 117 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 000aad78..1c1ecc31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
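Review bot: With `password` removed, the publish step in `.github/workflows/release.yml` can only authenticate through PyPI trusted publishing, which needs `id-token: write` in the job's `permissions`, and the hunk does not show that being granted. The job header lies outside the hunk, so confirm it there, or add `permissions:` with `id-token: write` scoped to this job only rather than at workflow level. Because that job can now mint an OIDC token that PyPI accepts, the mutable ref on `uses: pypa/gh-action-pypi-publish@release/v1` carries more weight than before; pinning it to a full commit SHA (placeholder: `@<commit-sha> # release/v1`) would keep an upstream branch move from changing what runs with that token. A short comment above `attestations: true`, such as `# trusted publishing (OIDC): no API token is passed; attestations depend on it`, would explain why the step has no credential. The now unused `PYPI_TOKEN` should be revoked on PyPI and deleted from the repository secrets, presumably as a follow-up outside this patch.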
@@ -2,8 +2,98 @@ +## v8.0.0-alpha.1 (2024-09-23) + +### Chore + +* chore: trusted publishing + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`ce23b0f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/ce23b0f73f65a868b74de47a50d1e383a6f705d6)) + +### Fix + +* fix: assert copyright headers + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bef268b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bef268b7abe2c3f343274d7789906c99c80e9df9)) + +### Unknown + +* Merge branch 'main' into 8.0.0-dev + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`39514b3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/39514b331eef98fbf5208ead341060831f8acddf)) + +* Merge branch 'main' into 8.0.0-dev ([`c123aff`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c123aff4bd479ec0f5f1982725ffe8901afb87c9)) + + ## v7.6.1 (2024-09-18) +### Breaking + +* feat!: this-builder (#649) + +reworked `ThisTool` for #635 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`cf5d2c7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf5d2c7e43883967c5d5837f465ecac5a8cc034e)) + +* refactor!: `LicenseExpression()` optional args are named args (#595) + +fixes #594 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0172564`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0172564d5f9529e7ce543da434969b552833de31)) + +* feat!: Add component and services for tools (#635) + +CycloneDX spec 1.5 deprecated an array of tools in bom.metadata and +instead prefers object with an array of components and an array of +services. + +This PR implements that. 
+ +This works de-serializing a Syft SBOM with a tool section like so: +``` + "metadata": { + "timestamp": "2024-06-10T13:06:52-08:00", + "tools": { + "components": [ + { + "type": "application", + "author": "anchore", + "name": "syft", + "version": "1.4.1" + } + ] + }, + "component": { + "bom-ref": "08329a07b4eb8eac", + "type": "file", + "name": "./" + } + }, +``` +Next up: docs, XML (de)serialization code, and tests. + +fixes #561 + +--------- + +Signed-off-by: Joshua Kugler <tek30584@adobe.com> +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> +Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1f5fd7a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1f5fd7a6be94d93d2260622d39ea01cd74614402)) + +* feat!: 8.0.0 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9ba4b8e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9ba4b8e5d255c8dba51df214786328bfa700291c)) + +### Feature + +* feat: don't add self to `metafata.tools` (#674) + +fixes #673 + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e0a153f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e0a153fbd553dcf29343d72e361c1cc9122c63b4)) + ### Fix * fix: file copyright headers (#676) @@ -14,6 +104,30 @@ correct headers 
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`35e00b4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35e00b4ee5a9306b9e97b011025409bcbfcef309)) +### Refactor + +* refactor: simplify `.builder.this.this_tool` + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9940cf9`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9940cf95e619d67a2a15ff7e6784513059e6ab5e)) + +### Unknown + +* Merge branch 'main' into 8.0.0-dev ([`3d1548a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3d1548abf5db45764a22fcca96493574f96ff693)) + +* Merge branch 'main' into 8.0.0-dev + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`735c800`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/735c8003ce88b0c6efa802ccd806f17d22b4df89)) + +* tests: test builder this (#675) + +QA for https://github.com/CycloneDX/cyclonedx-python-lib/pull/649 + +--------- + +Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e4ad3bc`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e4ad3bce1f97f77d7c3468765e47dd15929cbbcd)) + +* Merge branch 'main' into 8.0.0-dev ([`0ec785d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0ec785d29abcc215a5a0f6feec9bf16b0994cc92)) + ## v7.6.0 (2024-08-14) diff --git a/cyclonedx/__init__.py b/cyclonedx/__init__.py index ebd01a59..67f6c34a 100644 --- a/cyclonedx/__init__.py +++ b/cyclonedx/__init__.py @@ -22,4 +22,4 @@ # !! version is managed by semantic_release # do not use typing here, or else `semantic_release` might have issues finding the variable -__version__ = "7.6.1" # noqa:Q000 +__version__ = "8.0.0-alpha.1" # noqa:Q000 diff --git a/docs/conf.py b/docs/conf.py index a3acd4c8..fd27d896 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -20,7 +20,7 @@ # The full version, including alpha/beta/rc tags # !! version is managed by semantic_release -release = '7.6.1' +release = '8.0.0-alpha.1' # -- General configuration --------------------------------------------------- 
diff --git a/pyproject.toml b/pyproject.toml
index 9614200f..9470f8df 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "cyclonedx-python-lib"
 # !! version is managed by semantic_release
-version = "7.6.1"
+version = "8.0.0-alpha.1"
 description = "Python library for CycloneDX"
 authors = [
 "Paul Horton ",