@pboling pboling commented Oct 26, 2025

# 📍 NOTE

1️⃣ #38 is first: Modernize gem structure
2️⃣ Then see #37 next: Upgrade to v1.7 spec <=== You are here
3️⃣ Then see #39: Add --validate feature
4️⃣ Then see #40: Add --include-metadata feature

## What
  • Add spec version selection end-to-end with a new --spec-version flag (default 1.7).
  • Update JSON and XML outputs to honor the selected spec version.
  • Update fixtures, help text, tests, and docs.

NOTE:

  • Additional fields like bom-ref, publisher, metadata.tools, dependencies are optional and can be added incrementally.

Files:

  • lib/bom_helpers.rb:
    • Added SUPPORTED_SPEC_VERSIONS, cyclonedx_xml_namespace helper. build_bom now accepts spec_version and routes to:
      • build_json_bom(gems, spec_version) sets specVersion to the provided version.
      • build_bom_xml(gems, spec_version) sets xmlns to http://cyclonedx.org/schema/bom/<version>.
  • lib/bom_builder.rb:
    • Added --spec-version with validation; default is 1.7.
    • Pass @spec_version into build_bom(@gems, @bom_output_format, @spec_version).
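
The flag-to-output flow described in this PR description, as an added example that is not the cyclonedx-ruby project's own code: a validated `--spec-version` value (1.1 through 1.7, default 1.7, as in the description and the review summary) is threaded into `specVersion` for JSON and into the `xmlns` of the XML root. Method names follow the description; their bodies, the option parsing, the `purl` helper and the sample gem list are assumptions, and the XML is written by hand here rather than with Nokogiri so the example runs with only the standard library.

```ruby
# Added example, not code from the cyclonedx-ruby project. Method names follow
# the PR description (SUPPORTED_SPEC_VERSIONS, cyclonedx_xml_namespace,
# build_json_bom, build_bom_xml, build_bom); bodies, option parsing, the purl
# helper and the sample gem list are assumptions.
require "json"
require "optparse"

module SpecVersionExample
  SUPPORTED_SPEC_VERSIONS = %w[1.1 1.2 1.3 1.4 1.5 1.6 1.7].freeze
  DEFAULT_SPEC_VERSION = "1.7"

  # Allow-list check: the value is interpolated into the xmlns URL and the
  # specVersion field, so anything off the list is rejected before it gets there.
  def self.validate_spec_version(value)
    v = value.to_s.strip
    return v if SUPPORTED_SPEC_VERSIONS.include?(v)

    raise ArgumentError,
      "Unsupported spec version #{value.inspect}; supported: #{SUPPORTED_SPEC_VERSIONS.join(', ')}"
  end

  def self.cyclonedx_xml_namespace(spec_version)
    "http://cyclonedx.org/schema/bom/#{validate_spec_version(spec_version)}"
  end

  # Package URL for a gem, without qualifiers (assumed helper).
  def self.purl(name, version)
    "pkg:gem/#{name}@#{version}"
  end

  def self.build_json_bom(gems, spec_version = DEFAULT_SPEC_VERSION)
    {
      "bomFormat" => "CycloneDX",
      "specVersion" => validate_spec_version(spec_version),
      "version" => 1,
      "components" => gems.map { |g|
        { "type" => "library", "name" => g[:name], "version" => g[:version],
          "purl" => purl(g[:name], g[:version]) }
      },
    }
  end

  def self.build_bom_xml(gems, spec_version = DEFAULT_SPEC_VERSION)
    ns = cyclonedx_xml_namespace(spec_version)
    lines = [
      %(<?xml version="1.0" encoding="UTF-8"?>),
      %(<bom xmlns="#{ns}" version="1">),
      "  <components>",
    ]
    gems.each do |g|
      lines << %(    <component type="library">)
      lines << "      <name>#{xml_escape(g[:name])}</name>"
      lines << "      <version>#{xml_escape(g[:version])}</version>"
      lines << "      <purl>#{xml_escape(purl(g[:name], g[:version]))}</purl>"
      lines << "    </component>"
    end
    lines << "  </components>" << "</bom>"
    lines.join("\n") + "\n"
  end

  # Gem names and versions come from the scanned repository's Gemfile.lock,
  # so they are escaped rather than trusted.
  def self.xml_escape(s)
    s.to_s.gsub("&", "&amp;").gsub("<", "&lt;").gsub(">", "&gt;").gsub('"', "&quot;")
  end

  def self.build_bom(gems, output_format, spec_version = DEFAULT_SPEC_VERSION)
    case output_format
    when "json" then JSON.pretty_generate(build_json_bom(gems, spec_version)) + "\n"
    when "xml" then build_bom_xml(gems, spec_version)
    else raise ArgumentError, "Unknown output format #{output_format.inspect}"
    end
  end

  # CLI parsing for the new flag; OptionParser rejects off-list values itself.
  def self.parse_options(argv)
    opts = { format: "json", spec_version: DEFAULT_SPEC_VERSION }
    OptionParser.new do |o|
      o.on("--format FORMAT", %w[json xml], "Output format: json or xml") { |f| opts[:format] = f }
      o.on("--spec-version VERSION", SUPPORTED_SPEC_VERSIONS,
           "CycloneDX spec version (default #{DEFAULT_SPEC_VERSION})") { |v| opts[:spec_version] = v }
    end.parse!(argv.dup)
    opts
  end
end

# Constructed sample input standing in for a parsed Gemfile.lock.
SAMPLE_GEMS = [
  { name: "rake", version: "13.2.1" },
  { name: "nokogiri", version: "1.16.7" },
].freeze

if __FILE__ == $PROGRAM_NAME
  opts = SpecVersionExample.parse_options(ARGV)
  puts SpecVersionExample.build_bom(SAMPLE_GEMS, opts[:format], opts[:spec_version])
end
```

Run it as `ruby spec_version_example.rb --format xml --spec-version 1.5`. An off-list value fails at parse time before any BOM is built, which matters because the value lands verbatim in the namespace URL; the library-level `validate_spec_version` guards the same way for callers that bypass the CLI.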

Copilot AI review requested due to automatic review settings October 26, 2025 00:07

Copilot AI left a comment
Pull Request Overview

This PR enables CycloneDX specification version selection (default 1.7) across the BOM generation pipeline. Users can now specify their desired spec version via a new --spec-version flag, and the output will conform to that version's schema.

  • Added --spec-version flag with validation (supports 1.1–1.7, defaults to 1.7)
  • Updated JSON and XML BOM generation to use the selected spec version
  • Refactored path handling to use absolute paths and improved error message formatting

Reviewed Changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| lib/bom_helpers.rb | Added SUPPORTED_SPEC_VERSIONS, cyclonedx_xml_namespace() helper, and propagated spec_version to JSON/XML builders |
| lib/bom_builder.rb | Added --spec-version option parsing, validation, and normalized project path handling; improved backtrace formatting |
| spec/bom_helpers_spec.rb | Added tests verifying spec version is correctly set in JSON and XML outputs |
| spec/spec_helper.rb | Added require 'ostruct' for test utilities |
| features/step_definitions/json_bom_matching.rb | Added .rstrip to normalize trailing whitespace in JSON comparisons |
| features/help.feature | Updated help text to document new --spec-version option |
| features/json_format.feature | Removed trailing blank line |
| features/fixtures/simple/bom.xml.expected | Updated fixture to expect CycloneDX 1.7 namespace |
| features/fixtures/simple/bom.json.expected | Updated fixture to expect specVersion: 1.7 |
| features/fixtures/simple/Gemfile | Pinned gem versions for deterministic test output |
| cyclonedx-ruby.gemspec | Updated cucumber and aruba dev dependencies |
| README.md | Documented new --spec-version flag with examples |


@pboling pboling marked this pull request as draft October 26, 2025 00:15
@pboling pboling changed the title ✨ Core v1.7 Enablement [WIP] ✨ Core v1.7 Enablement Oct 26, 2025
@pboling pboling mentioned this pull request Oct 26, 2025
@pboling pboling changed the title [WIP] ✨ Core v1.7 Enablement ✨ Core v1.7 Enablement Oct 26, 2025
@pboling pboling marked this pull request as ready for review October 26, 2025 05:15
Signed-off-by: Peter H. Boling <[email protected]>
- .gitignore
- .rspec

Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
### Added

- `CHANGELOG.md` file to document notable changes in keep-a-changelog format
- `Cyclonedx::BomHelpers` module to house helper methods, replacing global methods
- `Cyclonedx::BomBuilder` class, replacing `Bombuilder` (note the capitalization change)
- `Cyclonedx::BomComponent` class, replacing `BomComponent`
- `Cyclonedx::Ruby::Version::VERSION` constant to hold the version number (also available as `Cyclonedx::VERSION`)
- `Cyclonedx::Ruby::Deprecation` module to help manage deprecations

### Changed

- Updated gemspec metadata for clarity and consistency
- Modernized Rakefile, dotfiles, and test setup
- `LICENSE` => `LICENSE.txt` to simplify parsing consistency on various platforms and tools
- `cucumber` v8 => v10
- `aruba` v2.1 => v2.2

### Deprecated

- `BomComponent` => `Cyclonedx::BomComponent`
- `Bombuilder` => `Cyclonedx::BomBuilder` (note the capitalization change)
- `Object.purl` => `Cyclonedx::BomHelpers.purl`
- `Object.random_urn_uuid` => `Cyclonedx::BomHelpers.random_urn_uuid`
- `Object.build_bom` => `Cyclonedx::BomHelpers.build_bom`
- `Object.build_json_bom` => `Cyclonedx::BomHelpers.build_json_bom`
- `Object.build_bom_xml` => `Cyclonedx::BomHelpers.build_bom_xml`
- `Object.get_gem` => `Cyclonedx::BomHelpers.get_gem`

Signed-off-by: Peter H. Boling <[email protected]>
### Fixed

- `Nokogiri::XML::Builder` context relies on `method_missing`
  - Globally defined `Object#purl` conflicted with `<purl>`.
  - Moved to `Cyclonedx::BomHelpers.purl` to avoid conflict in v2.0.0 (along with all other global methods)
  - Fixed existing usage via the built-in Nokogiri workaround of adding an underscore `purl_`
  - The XML tag is unchanged as `<purl>`

Signed-off-by: Peter H. Boling <[email protected]>
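
The `method_missing` conflict described in the Fixed section above, as an added example that is not code from cyclonedx-ruby or Nokogiri: a minimal builder that turns unknown method calls into elements the way `Nokogiri::XML::Builder` does, with a public `Object#purl` installed to reproduce the shadowing, and the two ways around it, the `purl_` spelling (Nokogiri drops a trailing underscore) and moving the helper into a module. All class and method names here are assumptions.

```ruby
# Added example, not code from cyclonedx-ruby or Nokogiri. ToyXmlBuilder,
# BomHelpersExample and the helper names below are assumptions.
class ToyXmlBuilder
  def initialize
    @out = +""
  end

  # Any method the builder does not define becomes an element. A trailing
  # underscore is dropped, mirroring Nokogiri's escape hatch for names that
  # clash with real methods, so `purl_` still emits <purl>.
  def method_missing(meth, *args)
    tag = meth.to_s.chomp("_")
    @out << "<#{tag}>"
    @out << escape(args.first.to_s) unless args.empty?
    yield self if block_given?
    @out << "</#{tag}>"
    self
  end

  def to_s
    @out.dup
  end

  private

  def escape(s)
    s.gsub("&", "&amp;").gsub("<", "&lt;").gsub(">", "&gt;")
  end
end

# The pre-2.0 layout: a helper defined as a public method on Object, so every
# object, the XML builder included, answers to `purl` before method_missing runs.
def install_global_purl!
  Object.class_eval do
    def purl(name, version)
      "pkg:gem/#{name}@#{version}"
    end
  end
end

def remove_global_purl!
  Object.send(:remove_method, :purl) if Object.method_defined?(:purl)
end

# The 2.0 layout: the same helper namespaced, so it can never shadow an element.
module BomHelpersExample
  def self.purl(name, version)
    "pkg:gem/#{name}@#{version}"
  end
end

def component_xml(name, version, purl_tag: :purl)
  builder = ToyXmlBuilder.new
  builder.component do |c|
    c.name(name)
    c.public_send(purl_tag, BomHelpersExample.purl(name, version))
  end
  builder.to_s
end

# With the global helper installed, `c.purl(value)` never reaches
# method_missing: Ruby finds Object#purl first, which expects two arguments.
def conflict_demo(name = "rake", version = "13.2.1")
  install_global_purl!
  result = {}
  begin
    component_xml(name, version)
    result[:purl] = :no_error
  rescue ArgumentError => e
    result[:purl] = e.message # "wrong number of arguments (given 1, expected 2)"
  end
  result[:purl_] = component_xml(name, version, purl_tag: :purl_)
  result
ensure
  remove_global_purl!
end

# With the helper moved out of Object, the plain spelling works again.
def fixed_demo(name = "rake", version = "13.2.1")
  remove_global_purl!
  component_xml(name, version)
end

if __FILE__ == $PROGRAM_NAME
  p conflict_demo
  puts fixed_demo
end
```

The shadowing only bites for methods that are public on the builder's ancestors, which is exactly what a top-level helper mixed into Object becomes; a namespaced module method is never looked up on the builder at all, so the `<purl>` element is produced without the underscore workaround.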
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
- Bigger build matrix changes are needed to continue running against older bundlers.
- Will introduce the appraisal pattern later.

Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
@pboling pboling requested a review from a team as a code owner October 30, 2025 07:34
Signed-off-by: Peter H. Boling <[email protected]>
- Add spec version selection end-to-end with a new --spec-version flag (default 1.7).
- Update JSON and XML outputs to honor the selected spec version.
- Update fixtures, help text, tests, and docs.

Files:
- lib/bom_helpers.rb:
  - Added SUPPORTED_SPEC_VERSIONS, cyclonedx_xml_namespace helper.
    build_bom now accepts spec_version and routes to:
    - build_json_bom(gems, spec_version) sets specVersion to the provided version.
    - build_bom_xml(gems, spec_version) sets xmlns to http://cyclonedx.org/schema/bom/<version>.
- lib/bom_builder.rb:
  - Added --spec-version with validation; default is 1.7.
  - Pass @spec_version into build_bom(@gems, @bom_output_format, @spec_version).

Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>