Merge branch 'main' into deps/cyclonedx-python-lib_11

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

.github/workflows/docker.yml

@@ -1,3 +1,20 @@
+# This file is part of CycloneDX Python
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+
 # For details of what checks are run for PRs please refer below
 # docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
 
@@ -31,7 +48,7 @@ jobs:
     steps:
       - name: Checkout code
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - name: setup reports-dir
@@ -41,7 +58,6 @@ jobs:
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION }}
-          architecture: 'x64'
       - name: Setup poetry ${{ env.POETRY_VERSION }}
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9

.github/workflows/python.yml

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 # This file is part of CycloneDX Python
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -17,6 +15,9 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 
+# For details of what checks are run for PRs please refer below
+# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
+
 name: Python CI
 
 on:
@@ -51,13 +52,12 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -75,13 +75,12 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -99,13 +98,12 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -133,13 +131,12 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
-          architecture: 'x64'
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -157,13 +154,12 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -191,13 +187,12 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install self
         run: pip install .
       - name: run command
@@ -228,20 +223,30 @@ jobs:
         include:
           - os: macos-13
             python-version: "3.10"
+            unittest-args: []
           - os: macos-13
             python-version: "3.9"
+            unittest-args: []
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Create reports directory
         run: mkdir ${{ env.REPORTS_DIR }}
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
-          architecture: 'x64'
+      - name: craft PY_UT_ARGS
+        shell: python
+        run: |-
+          import sys, os
+          PY_UT_ARGS=[]
+          if sys.version_info >= (3, 12):
+            PY_UT_ARGS.append('--durations=0')
+          with open(os.environ['GITHUB_ENV'], 'a') as env_file:
+            env_file.write(f'PY_UT_ARGS={" ".join(PY_UT_ARGS)}\n')
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -252,7 +257,7 @@ jobs:
       - name: Ensure build successful
         run: poetry build
       - name: Run tox
-        run: poetry run tox r -e py -s false
+        run: poetry run -- tox r -e py -s false -- $PY_UT_ARGS
       - name: Generate coverage reports
         if: ${{ failure() || success() }}
         shell: bash
@@ -277,7 +282,7 @@ jobs:
     steps:
       - name: fetch test artifacts
         # see https://github.com/actions/download-artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           pattern: '${{ env.TESTS_REPORTS_ARTIFACT }}_bnt_*'
           merge-multiple: true

.github/workflows/release.yml

@@ -1,3 +1,23 @@
+# This file is part of CycloneDX Python
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) OWASP Foundation. All Rights Reserved.
+
+# For details of what checks are run for PRs please refer below
+# docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
+
 name: Release
 
 on:
@@ -51,13 +71,12 @@ jobs:
     steps:
       - name: Checkout code
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -75,13 +94,12 @@ jobs:
     steps:
       - name: Checkout
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Python Environment
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install poetry
         # see https://github.com/marketplace/actions/setup-poetry
         uses: Gr1N/setup-poetry@v9
@@ -114,15 +132,14 @@ jobs:
     steps:
       - name: Checkout code
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - name: Setup python
         # see https://github.com/actions/setup-python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
-          architecture: 'x64'
       - name: Install and configure Poetry
         # See https://github.com/marketplace/actions/install-poetry-action
         uses: snok/install-poetry@v1
@@ -203,7 +220,7 @@ jobs:
           echo "GHCR_REPO=${GHCR_REPO@L}" >> "${GITHUB_ENV}"
       - name: Checkout code (${{ env.TAG }})
         # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ needs.release-PyPI.outputs.tag }}
       - name: setup dirs
@@ -212,7 +229,7 @@ jobs:
           mkdir "$DIST_DIR"
       - name: Fetch python dist artifact
         # see https://github.com/actions/download-artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: ${{ env.DIST_ARTIFACT }}
           path: ${{ env.DIST_DIR }}/

pyproject.toml

@@ -96,6 +96,8 @@ tomli = { version = "^2.0.1", python = "<3.11" }
 tox = "4.27.0"
 pyupgrade = "3.20.0"
 deptry = "0.23.0"
+# for tests, use the GPL-version of jsonschema format validators - they are faster
+jsonschema = { version = "*", extras = ["format"] }
 
 # min version required to be able to install some dependencies
 # see https://github.com/MichaelKim0407/flake8-use-fstring/issues/33

tox.ini

@@ -23,10 +23,10 @@ allowlist_externals = poetry
 ## deps = poetry ## << this one caused https://github.com/python-poetry/poetry/issues/6288
 commands_pre =
     {envpython} --version
-    poetry install --no-root -v
+    # poetry install --no-root -v
     poetry run pip freeze
 commands =
-    poetry run coverage run --source=cyclonedx_py -m unittest discover -t . -s tests -v
+    poetry run coverage run --source=cyclonedx_py -m unittest discover -t . -s tests -v {posargs}
 setenv =
     PYTHONHASHSEED=0
     CDX_TEST_RECREATE_SNAPSHOTS={env:CDX_TEST_RECREATE_SNAPSHOTS:}