fosslight · dd-jy · Jan 23, 2025 · Jan 23, 2025
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -30,6 +30,7 @@ jobs:
         pip install tox
     - name: Run Tox
       run: |
+        tox -e release_flake8
         tox -e release   
   reuse:
     runs-on: ubuntu-latest

diff --git a/src/fosslight_util/_get_downloadable_url.py b/src/fosslight_util/_get_downloadable_url.py
@@ -121,7 +121,7 @@ def get_download_location_for_pypi(link):
                 ret = True
             else:
                 logger.warning(f'Cannot find the valid link for pypi (url:{new_link}')
-        except Exception as e:
+        except Exception:
             oss_name = re.sub(r"[-]+", "_", oss_name).lower()
             new_link = f'{host}/packages/source/{oss_name[0]}/{oss_name}/{oss_name}-{oss_version}.tar.gz'
             res = urlopen(new_link)

diff --git a/src/fosslight_util/exclude.py b/src/fosslight_util/exclude.py
@@ -5,8 +5,10 @@
 
 import os
 import fnmatch
+from typing import List
 
-def excluding_files(patterns: list[str], path_to_scan: str) -> list[str]:
+
+def excluding_files(patterns: List[str], path_to_scan: str) -> List[str]:
     excluded_paths = set()
 
     # Normalize patterns: e.g., 'sample/', 'sample/*' -> 'sample'

diff --git a/src/fosslight_util/output_format.py b/src/fosslight_util/output_format.py
@@ -48,7 +48,8 @@ def check_output_format(output='', format='', customized_format={}):
                 if format:
                     if output_extension != basename_extension:
                         success = False
-                        msg = f"(-o & -f option) Enter the same extension of output file(-o:'{output}') with format(-f:'{format}')."
+                        msg = f"(-o & -f option) Enter the same extension of output file(-o:'{output}') \
+                                with format(-f:'{format}')."
                 else:
                     if basename_extension not in support_format.values():
                         success = False
@@ -96,7 +97,8 @@ def check_output_formats(output='', formats=[], customized_format={}):
                 if formats:
                     if basename_extension not in output_extensions:
                         success = False
-                        msg = f"(-o & -f option) The format of output file(-o:'{output}') should be in the format list(-f:'{formats}')."
+                        msg = f"(-o & -f option) The format of output file(-o:'{output}') \
+                                should be in the format list(-f:'{formats}')."
                 else:
                     if basename_extension not in support_format.values():
                         success = False
@@ -145,7 +147,8 @@ def check_output_formats_v2(output='', formats=[], customized_format={}):
                 if formats:
                     if basename_extension not in output_extensions:
                         success = False
-                        msg = f"(-o & -f option) The format of output file(-o:'{output}') should be in the format list(-f:'{formats}')."
+                        msg = f"(-o & -f option) The format of output file(-o:'{output}') \
+                                should be in the format list(-f:'{formats}')."
                 else:
                     if basename_extension not in support_format.values():
                         success = False

diff --git a/src/fosslight_util/write_cyclonedx.py b/src/fosslight_util/write_cyclonedx.py
@@ -5,16 +5,11 @@
 # SPDX-License-Identifier: Apache-2.0
 
 import os
-import sys
 import logging
 import re
-import json
 from pathlib import Path
-from datetime import datetime
-from fosslight_util.spdx_licenses import get_spdx_licenses_json, get_license_from_nick
 from fosslight_util.constant import (LOGGER_NAME, FOSSLIGHT_DEPENDENCY, FOSSLIGHT_SCANNER,
-                                     FOSSLIGHT_BINARY, FOSSLIGHT_SOURCE)
-from fosslight_util.oss_item import CHECKSUM_NULL, get_checksum_sha1
+                                     FOSSLIGHT_SOURCE)
 import traceback
 
 logger = logging.getLogger(LOGGER_NAME)
@@ -27,14 +22,11 @@
     from cyclonedx.model import XsUri, ExternalReferenceType
     from cyclonedx.model.bom import Bom
     from cyclonedx.model.component import Component, ComponentType, HashAlgorithm, HashType, ExternalReference
-    from cyclonedx.model.contact import OrganizationalEntity
     from cyclonedx.output import make_outputter, BaseOutput
     from cyclonedx.output.json import JsonV1Dot6
     from cyclonedx.schema import OutputFormat, SchemaVersion
-    from cyclonedx.validation import make_schemabased_validator
     from cyclonedx.validation.json import JsonStrictValidator
     from cyclonedx.output.json import Json as JsonOutputter
-    from cyclonedx.output.xml import Xml as XmlOutputter
     from cyclonedx.validation.xml import XmlValidator
 except Exception:
     logger.info('No import cyclonedx-python-lib')
@@ -66,7 +58,6 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                                                             type=ComponentType.APPLICATION,
                                                             bom_ref=str(comp_id))
         relation_tree = {}
-        bom_ref_packages = []
 
         output_dir = os.path.dirname(output_file_without_ext)
         Path(output_dir).mkdir(parents=True, exist_ok=True)
@@ -113,7 +104,7 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                             try:
                                 oss_licenses.append(lc_factory.make_from_string(ol))
                             except Exception:
-                                logger.info(f'No spdx license name: {oi}')
+                                logger.info(f'No spdx license name: {ol}')
                         if oss_licenses:
                             comp.licenses = oss_licenses
 
@@ -192,9 +183,9 @@ def write_cyclonedx_json(bom, result_file):
         except MissingOptionalDependencyException as error:
             logger.debug(f'JSON-validation was skipped due to {error}')
     except Exception as e:
+        logger.warning(f'Fail to write cyclonedx json: {e}')
         success = False
     return success
-
 
 
 def write_cyclonedx_xml(bom, result_file):
@@ -213,5 +204,6 @@ def write_cyclonedx_xml(bom, result_file):
         except MissingOptionalDependencyException as error:
             logger.debug(f'XML-validation was skipped due to {error}')
     except Exception as e:
+        logger.warning(f'Fail to write cyclonedx xml: {e}')
         success = False
-    return success
+    return success
diff --git a/tox.ini b/tox.ini
@@ -41,5 +41,10 @@ commands =
   # Test - run pytest
   pytest
 
+[testenv:release_flake8]
+deps =
+  -r{toxinidir}/requirements-dev.txt
+wheel = true
+commands =
   # Test - check PEP8
   pytest -v --flake8