🎨 modernize for 2025 (chores & slight refactoring) #38
Pull Request Overview
This PR modernizes the cyclonedx-ruby gem for 2025 by refactoring the codebase to use proper namespacing under the Cyclonedx module, introducing a deprecation system for backward compatibility, and updating dependencies. The changes prepare for a v2.0.0 release while maintaining compatibility with existing code through deprecated aliases.
Key changes:
- Refactored global methods and classes into the `Cyclonedx` namespace with deprecation warnings for legacy usage
- Fixed Nokogiri XML builder conflict with globally-scoped `purl` method
- Updated development dependencies (cucumber v8→v10, aruba v2.1→v2.2)
Reviewed Changes
Copilot reviewed 25 out of 34 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| lib/cyclonedx/ruby.rb | New main entry point that requires all Cyclonedx module components |
| lib/cyclonedx/bom_helpers.rb | Refactored helper methods into Cyclonedx::BomHelpers module |
| lib/cyclonedx/bom_component.rb | Moved BomComponent class into Cyclonedx namespace |
| lib/cyclonedx/bom_builder.rb | Moved Bombuilder class into Cyclonedx namespace as BomBuilder |
| lib/cyclonedx/ruby/version.rb | New version constant structure |
| lib/cyclonedx/ruby/deprecation.rb | New deprecation management module |
| lib/cyclonedx_deprecated.rb | Compatibility layer providing deprecated aliases |
| lib/bom_*.rb | Legacy entry points now redirect to new namespaced code |
| spec/spec_helper.rb | Updated test configuration and loading logic |
| spec/cyclonedx/*.rb | New namespaced test files |
| cyclonedx-ruby.gemspec | Updated metadata and dependency versions |
| exe/cyclonedx-ruby | Updated executable with backward compatibility logic |
| CHANGELOG.md | New changelog documenting all changes |

some SCA is failing: https://app.codacy.com/gh/CycloneDX/cyclonedx-ruby-gem/pull-requests/38/issues

@jkowalleck there are 10 minor and 60 medium SCA violations. I'd like to focus on this PR not changing much runtime logic. Would you prefer to fix them in a separate PR, or just the medium ones here, or all of them here?

I don't know whether the SCA issues already existed, and were reported only because the code moved from one file to another.

there seems to be some CI/CT failing.

Looking into the CI failures, and will fix the license link in README, and add CONTRIBUTING.md. I looked at other projects in this org, and it seems they are using contributor covenant v2.0. So following that pattern I'm adding contributor covenant v2.1, using the same contact email as the other projects have.

I’d like to see this work integrated too. Thanks @pboling! one request: remove unnecessary 3rd party dependencies. No real reason this lib needs nokogiri or rest-client.

Signed-off-by: Peter H. Boling <[email protected]>
- .gitignore - .rspec Signed-off-by: Peter H. Boling <[email protected]>
### Added

- `CHANGELOG.md` file to document notable changes in keep-a-changelog format
- `Cyclonedx::BomHelpers` module to house helper methods, replacing global methods
- `Cyclonedx::BomBuilder` class, replacing `Bombuilder` (note the capitalization change)
- `Cyclonedx::BomComponent` class, replacing `BomComponent`
- `Cyclonedx::Ruby::Version::VERSION` constant to hold the version number (also available as `Cyclonedx::VERSION`)
- `Cyclonedx::Ruby::Deprecation` module to help manage deprecations

### Changed

- Updated gemspec metadata for clarity and consistency
- Modernized Rakefile, dotfiles, and test setup
- `LICENSE` => `LICENSE.txt` to simplify parsing consistency on various platforms and tools
- `cucumber` v8 => v10
- `aruba` v2.1 => v2.2

### Deprecated

- `BomComponent` => `Cyclonedx::BomComponent`
- `Bombuilder` => `Cyclonedx::BomBuilder` (note the capitalization change)
- `Object.purl` => `Cyclonedx::BomHelpers.purl`
- `Object.random_urn_uuid` => `Cyclonedx::BomHelpers.random_urn_uuid`
- `Object.build_bom` => `Cyclonedx::BomHelpers.build_bom`
- `Object.build_json_bom` => `Cyclonedx::BomHelpers.build_json_bom`
- `Object.build_bom_xml` => `Cyclonedx::BomHelpers.build_bom_xml`
- `Object.get_gem` => `Cyclonedx::BomHelpers.get_gem`

Signed-off-by: Peter H. Boling <[email protected]>
### Added

- `CHANGELOG.md` file to document notable changes in keep-a-changelog format
- `Cyclonedx::BomHelpers` module to house helper methods, replacing global methods
- `Cyclonedx::BomBuilder` class, replacing `Bombuilder` (note the capitalization change)
- `Cyclonedx::BomComponent` class, replacing `BomComponent`
- `Cyclonedx::Ruby::Version::VERSION` constant to hold the version number (also available as `Cyclonedx::VERSION`)
- `Cyclonedx::Ruby::Deprecation` module to help manage deprecations

### Changed

- Updated gemspec metadata for clarity and consistency
- Modernized Rakefile, dotfiles, and test setup
- `LICENSE` => `LICENSE.txt` to simplify parsing consistency on various platforms and tools
- `cucumber` v8 => v10
- `aruba` v2.1 => v2.2

### Deprecated

- `BomComponent` => `Cyclonedx::BomComponent`
- `Bombuilder` => `Cyclonedx::BomBuilder` (note the capitalization change)
- `Object.purl` => `Cyclonedx::BomHelpers.purl`
- `Object.random_urn_uuid` => `Cyclonedx::BomHelpers.random_urn_uuid`
- `Object.build_bom` => `Cyclonedx::BomHelpers.build_bom`
- `Object.build_json_bom` => `Cyclonedx::BomHelpers.build_json_bom`
- `Object.build_bom_xml` => `Cyclonedx::BomHelpers.build_bom_xml`
- `Object.get_gem` => `Cyclonedx::BomHelpers.get_gem`

### Fixed

- `Nokogiri::XML::Builder` context relies on `method_missing`
  - Globally defined `Object#purl` conflicted with `<purl>`.
  - Moved to `Cyclonedx::BomHelpers.purl` to avoid conflict in v2.0.0 (along with all other global methods)
  - Fixed existing usage via the built-in Nokogiri workaround of adding an underscore `purl_`
  - The XML tag is unchanged as `<purl>`

Signed-off-by: Peter H. Boling <[email protected]>
- Bigger build matrix changes are needed to continue running against older bundlers.
- will introduce the appraisal pattern later

Signed-off-by: Peter H. Boling <[email protected]>

@jkowalleck this is done, I think. CI matrix should be passing now, and all comments have been addressed. LMK if there is anything else to be done here. I've got a lot more improvements I'd like to make, so these initial 4 PRs are just the beginning.

@mperham - yes, I'll be trimming the dependencies in a future PR.

Signed-off-by: Jan Kowalleck <[email protected]>
- cleanup spec.files Signed-off-by: Peter H. Boling <[email protected]>

@jkowalleck I'm not sure what happened, but it seems the Codacy issues are no longer extant. Maybe the linting auto-fixes resolved them? :)

Pull Request Overview
Copilot reviewed 34 out of 44 changed files in this pull request and generated 4 comments.
Pull Request Overview
Copilot reviewed 34 out of 44 changed files in this pull request and generated 2 comments.
🎨 modernize for 2025

### Added

- `CONTRIBUTING.md` file to help people find their way to contributing
- `CHANGELOG.md` file to document notable changes in keep-a-changelog format
- `Cyclonedx::BomHelpers` module to house helper methods, replacing global methods
- `Cyclonedx::BomBuilder` class, replacing `Bombuilder` (note the capitalization change)
- `Cyclonedx::BomComponent` class, replacing `BomComponent`
- `Cyclonedx::Ruby::Version::VERSION` constant to hold the version number (also available as `Cyclonedx::VERSION`)
- `Cyclonedx::Ruby::Deprecation` module to help manage deprecations
- `stone_checksums`

### Changed

- `LICENSE` => `LICENSE.txt` to simplify parsing consistency on various platforms and tools
- `cucumber` v8 => v10
- `aruba` v2.1 => v2.2

### Deprecated

- `BomComponent` => `Cyclonedx::BomComponent`
- `Bombuilder` => `Cyclonedx::BomBuilder` (note the capitalization change)
- `Object.purl` => `Cyclonedx::BomHelpers.purl`
- `Object.random_urn_uuid` => `Cyclonedx::BomHelpers.random_urn_uuid`
- `Object.build_bom` => `Cyclonedx::BomHelpers.build_bom`
- `Object.build_json_bom` => `Cyclonedx::BomHelpers.build_json_bom`
- `Object.build_bom_xml` => `Cyclonedx::BomHelpers.build_bom_xml`
- `Object.get_gem` => `Cyclonedx::BomHelpers.get_gem`

### Fixed

- `Nokogiri::XML::Builder` context relies on `method_missing`
  - Globally defined `Object#purl` conflicted with `<purl>`.
  - Moved to `Cyclonedx::BomHelpers.purl` to avoid conflict in v2.0.0 (along with all other global methods)
  - Fixed existing usage via the built-in Nokogiri workaround of adding an underscore `purl_`
  - The XML tag is unchanged as `<purl>`

Signed-off-by: Peter H. Boling [email protected]
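
The `<purl>` conflict listed under Fixed, reproduced as an added example that is not code from this PR or from Nokogiri: `TinyXmlBuilder` is a constructed stand-in for a `method_missing`-driven builder, and the helper signature `purl(name, version)`, the sample gem and `shadowed_tags` are assumptions. It shows why a global helper keeps the tag out of the generated BOM, how the trailing-underscore call restores it, and a check for tag names that any global method would shadow.

```ruby
# Constructed stand-in for a method_missing-driven XML builder; NOT Nokogiri.
class TinyXmlBuilder
  attr_reader :out

  def self.build(&block)
    builder = new
    builder.instance_eval(&block) # the block runs with the builder as self
    builder.out
  end

  def initialize
    @out = +''
  end

  # Only calls that resolve to no real method arrive here and become elements.
  # A trailing underscore is dropped from the tag name (the purl_ workaround).
  def method_missing(name, *args, &block)
    tag = name.to_s.sub(/_\z/, '')
    @out << "<#{tag}>"
    block ? instance_eval(&block) : @out << args.first.to_s
    @out << "</#{tag}>"
    self
  end
end

# Legacy-style global helper (signature assumed): a top-level def is a private
# method on Object, so the builder inherits it and method_missing never fires.
def purl(name, version)
  "pkg:gem/#{name}@#{version}"
end

# Conflict: `purl` inside the block runs the helper, so no <purl> is emitted.
def conflicting_component
  TinyXmlBuilder.build { component { purl 'pkg:gem/rake@13.0.6' } }
rescue ArgumentError => e
  "helper ran instead of tag: #{e.message}"
end

# Workaround: `purl_` matches no method, reaches method_missing, emits <purl>.
def workaround_component
  TinyXmlBuilder.build { component { purl_ purl('rake', '13.0.6') } }
end

# Tag names shadowed by a method that every object already responds to.
def shadowed_tags(tags)
  tags.select { |t| Object.private_method_defined?(t) || Object.method_defined?(t) }
end
```

Running `shadowed_tags` over the element names a BOM writer emits, in a spec, flags this class of collision before it reaches a release.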