✨ --validate #39
Pull Request Overview
This PR introduces BOM validation capabilities with --validate and --validate-file flags, along with significant refactoring to organize the codebase under the Cyclonedx namespace for a cleaner v2.0.0 migration path.
Key Changes:
- Added BOM validation via JSON Schema and XML XSD using local schema files
- Restructured codebase with proper namespace organization under the `Cyclonedx` module
- Introduced deprecation framework to maintain backward compatibility until v2.0.0
- Added `json_schemer` dependency for JSON validation
Reviewed Changes
Copilot reviewed 56 out of 76 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| spec/spec_helper.rb | Restructured to use modern RSpec configuration and conditional legacy path loading |
| spec/cyclonedx/ruby_spec.rb | Added version number test for new namespace |
| spec/cyclonedx/bom_helpers_spec.rb | Migrated tests to new Cyclonedx namespace |
| spec/cyclonedx/bom_component_spec.rb | Updated to use Cyclonedx::BomComponent |
| spec/bom_helpers_spec.rb | Removed duplicate legacy test file |
| lib/cyclonedx/ruby.rb | New main entry point with required dependencies including json_schemer |
| lib/cyclonedx/ruby/version.rb | Version constant definition |
| lib/cyclonedx/ruby/deprecation.rb | Deprecation framework for v2.0.0 migration |
| lib/cyclonedx_deprecated.rb | Legacy compatibility layer with deprecation warnings |
| schema/* | Added CycloneDX specification schema files for validation |
| features/json_format.feature | Removed trailing whitespace |
| sig/cyclonedx/ruby.rbs | Added RBS type signature file |
(force-pushed from 86a8d79 to 14714af)
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
- .gitignore
- .rspec

Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
### Added

- `CHANGELOG.md` file to document notable changes in keep-a-changelog format
- `Cyclonedx::BomHelpers` module to house helper methods, replacing global methods
- `Cyclonedx::BomBuilder` class, replacing `Bombuilder` (note the capitalization change)
- `Cyclonedx::BomComponent` class, replacing `BomComponent`
- `Cyclonedx::Ruby::Version::VERSION` constant to hold the version number (also available as `Cyclonedx::VERSION`)
- `Cyclonedx::Ruby::Deprecation` module to help manage deprecations

### Changed

- Updated gemspec metadata for clarity and consistency
- Modernized Rakefile, dotfiles, and test setup
- `LICENSE` => `LICENSE.txt` to simplify parsing consistency on various platforms and tools
- `cucumber` v8 => v10
- `aruba` v2.1 => v2.2

### Deprecated

- `BomComponent` => `Cyclonedx::BomComponent`
- `Bombuilder` => `Cyclonedx::BomBuilder` (note the capitalization change)
- `Object.purl` => `Cyclonedx::BomHelpers.purl`
- `Object.random_urn_uuid` => `Cyclonedx::BomHelpers.random_urn_uuid`
- `Object.build_bom` => `Cyclonedx::BomHelpers.build_bom`
- `Object.build_json_bom` => `Cyclonedx::BomHelpers.build_json_bom`
- `Object.build_bom_xml` => `Cyclonedx::BomHelpers.build_bom_xml`
- `Object.get_gem` => `Cyclonedx::BomHelpers.get_gem`

Signed-off-by: Peter H. Boling <[email protected]>
### Added

- `CHANGELOG.md` file to document notable changes in keep-a-changelog format
- `Cyclonedx::BomHelpers` module to house helper methods, replacing global methods
- `Cyclonedx::BomBuilder` class, replacing `Bombuilder` (note the capitalization change)
- `Cyclonedx::BomComponent` class, replacing `BomComponent`
- `Cyclonedx::Ruby::Version::VERSION` constant to hold the version number (also available as `Cyclonedx::VERSION`)
- `Cyclonedx::Ruby::Deprecation` module to help manage deprecations

### Changed

- Updated gemspec metadata for clarity and consistency
- Modernized Rakefile, dotfiles, and test setup
- `LICENSE` => `LICENSE.txt` to simplify parsing consistency on various platforms and tools
- `cucumber` v8 => v10
- `aruba` v2.1 => v2.2

### Deprecated

- `BomComponent` => `Cyclonedx::BomComponent`
- `Bombuilder` => `Cyclonedx::BomBuilder` (note the capitalization change)
- `Object.purl` => `Cyclonedx::BomHelpers.purl`
- `Object.random_urn_uuid` => `Cyclonedx::BomHelpers.random_urn_uuid`
- `Object.build_bom` => `Cyclonedx::BomHelpers.build_bom`
- `Object.build_json_bom` => `Cyclonedx::BomHelpers.build_json_bom`
- `Object.build_bom_xml` => `Cyclonedx::BomHelpers.build_bom_xml`
- `Object.get_gem` => `Cyclonedx::BomHelpers.get_gem`

### Fixed

- `Nokogiri::XML::Builder` context relies on `method_missing`
  - Globally defined `Object#purl` conflicted with `<purl>`.
  - Moved to `Cyclonedx::BomHelpers.purl` to avoid conflict in v2.0.0 (along with all other global methods)
  - Fixed existing usage via the built-in Nokogiri workaround of adding an underscore `purl_`
  - The XML tag is unchanged as `<purl>`

Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
- Bigger build matrix changes are needed to continue running against older bundlers.
- Will introduce the appraisal pattern later

Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
(force-pushed from 9c107ae to cbca549)
Signed-off-by: Jan Kowalleck <[email protected]>
- cleanup spec.files

Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
(force-pushed from cbca549 to e0197c0)
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
- Add spec version selection end-to-end with a new --spec-version flag (default 1.7).
- Update JSON and XML outputs to honor the selected spec version.
- Update fixtures, help text, tests, and docs.
Files:
- lib/bom_helpers.rb:
  - Added `SUPPORTED_SPEC_VERSIONS`, `cyclonedx_xml_namespace` helper.
  - `build_bom` now accepts `spec_version` and routes to:
    - `build_json_bom(gems, spec_version)` sets `specVersion` to the provided version.
    - `build_bom_xml(gems, spec_version)` sets `xmlns` to `http://cyclonedx.org/schema/bom/<version>`
- lib/bom_builder.rb:
  - Added `--spec-version` with validation; default is 1.7.
  - Pass `@spec_version` into `build_bom(@gems, @bom_output_format, @spec_version)`.
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
Signed-off-by: Peter H. Boling <[email protected]>
- Added `--validate` and `--validate-file` flags in `Cyclonedx::BomBuilder`.
  - After writing the BOM, if `--validate` is set, validate JSON via JSON Schema and XML via XSD with local files under `schema/`.
  - Added logic to validate an existing file with `--validate --validate-file <path>`, inferring format from extension unless `--format` is provided.
  - In validate-only mode, project path isn't required.
- Added `Cyclonedx::BomHelpers.validate_bom_content(content, format, spec_version)` which:
  - For JSON: uses `json_schemer` to validate against `bom-<ver>.schema.json`
  - For XML: uses `Nokogiri::XML::Schema` with `bom-<ver>.xsd`
  - Uses local schemas at `schema/` and surfaces compact error messages; returns non-zero exit on failure.
- Added `json_schemer` (~> 2.2) to `cyclonedx-ruby.gemspec`.
- Required `json_schemer` in `lib/cyclonedx/ruby.rb`.
- Updated `features/help.feature` to show the new flags.
- Added `features/validate.feature`:
  - Validate XML BOM succeeds.
  - Validate JSON BOM succeeds.
  - Validate fails for invalid XML BOM (corrupts namespace and expects exit 1).
  - Infer format from file extension when using `--validate-file` and no `--format` provided.

Signed-off-by: Peter H. Boling <[email protected]>
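The validation flow this commit message describes, as an added example that is not the cyclonedx-ruby project's code: format inferred from the file extension unless one is given, spec version checked against a supported list, the local schema path under `schema/` computed, and the document checked for the version it declares (`specVersion` in JSON, `xmlns` in XML), which is what the "corrupts namespace and expects exit 1" scenario exercises. The example stops short of full schema validation; the PR hands the content to `json_schemer` and `Nokogiri::XML::Schema`, which this stdlib-only code does not use. The `BomPrecheck` module name, the `SUPPORTED_SPEC_VERSIONS` list (the page only names 1.7) and the sample BOM strings are assumptions.

```ruby
require "json"
require "rexml/document"

# Added example, not cyclonedx-ruby's own code. A pre-flight check modelled on
# the behaviour the commit message describes; full JSON Schema / XSD validation
# (json_schemer, Nokogiri::XML::Schema) is deliberately not performed here.
module BomPrecheck
  # Assumption: the set of versions the CLI accepts; the page only names 1.7.
  SUPPORTED_SPEC_VERSIONS = %w[1.4 1.5 1.6 1.7].freeze
  XML_NS_PREFIX = "http://cyclonedx.org/schema/bom/".freeze

  # "bom.JSON" -> "json", "bom.xml" -> "xml", anything else -> nil.
  def self.infer_format(path)
    case File.extname(path).downcase
    when ".json" then "json"
    when ".xml" then "xml"
    end
  end

  # Local schema file the commit message names: bom-<ver>.schema.json or
  # bom-<ver>.xsd under schema/.
  def self.schema_path(format, spec_version, schema_dir = "schema")
    file = format == "json" ? "bom-#{spec_version}.schema.json" : "bom-#{spec_version}.xsd"
    File.join(schema_dir, file)
  end

  # Returns a list of compact error strings; empty means the pre-check passed.
  def self.check(content, format, spec_version)
    unless SUPPORTED_SPEC_VERSIONS.include?(spec_version)
      return ["unsupported spec version #{spec_version.inspect}"]
    end

    case format
    when "json" then check_json(content, spec_version)
    when "xml" then check_xml(content, spec_version)
    else ["unknown format #{format.inspect}; use --format json|xml"]
    end
  end

  def self.check_json(content, spec_version)
    doc = JSON.parse(content)
    return ["JSON root must be an object"] unless doc.is_a?(Hash)

    errors = []
    errors << "bomFormat must be \"CycloneDX\"" unless doc["bomFormat"] == "CycloneDX"
    unless doc["specVersion"] == spec_version
      errors << "specVersion #{doc['specVersion'].inspect} does not match #{spec_version}"
    end
    errors
  rescue JSON::ParserError => e
    ["invalid JSON: #{e.message}"]
  end

  def self.check_xml(content, spec_version)
    root = REXML::Document.new(content).root
    return ["XML document has no root element"] if root.nil?

    errors = []
    errors << "root element must be <bom>, got <#{root.name}>" unless root.name == "bom"
    expected_ns = "#{XML_NS_PREFIX}#{spec_version}"
    unless root.namespace == expected_ns
      errors << "xmlns #{root.namespace.inspect} does not match #{expected_ns}"
    end
    errors
  rescue REXML::ParseException => e
    ["invalid XML: #{e.message}"]
  end

  # Exit status the CLI would return: 0 on success, 1 on any error.
  def self.exit_status(errors)
    errors.empty? ? 0 : 1
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: a minimal 1.7 XML BOM, then the same with a corrupted namespace.
  xml = '<?xml version="1.0"?><bom xmlns="http://cyclonedx.org/schema/bom/1.7" version="1"/>'
  corrupted = xml.sub("bom/1.7", "bom/9.9")
  [xml, corrupted].each do |content|
    errors = BomPrecheck.check(content, BomPrecheck.infer_format("bom.xml"), "1.7")
    puts "schema=#{BomPrecheck.schema_path('xml', '1.7')} exit=#{BomPrecheck.exit_status(errors)} #{errors.join('; ')}"
  end
end
```

Keeping the version/namespace check separate from the schema check is useful in practice: a BOM whose `xmlns` names a different version than the one requested would otherwise be validated against the wrong XSD, and the resulting schema errors are much harder to read than a one-line mismatch message.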
Signed-off-by: Peter H. Boling <[email protected]>
(force-pushed from e0197c0 to 45eef49)
CLI and validation
Validation helpers
Dependencies
Cucumber tests
Small extras
Signed-off-by: Peter H. Boling [email protected]