feat: added PDM support for generating the SBOM file

[rios0rios0]

Description

Here we are adding support for PDM.

• What issue(s) does this PR solve?:

Closes #604.

Requirements

• We have read the Contribution Guidelines

Checklist

• This PR follows the Angular branching strategy
• Code is linted
• We have followed the Angular commit message style

[jkowalleck]

thank you for the initiative, @rios0rios0

Before we even take a look at your implementation,
could you write an issue describing the problem you try to solve? What is the motivation? What is the expected outcome? What are acceptance criteria? What are edge cases? How to test?

We then might discuss the feature and implications

Until a conclusion regarding feature adoption is made, this PR will set to "DRAFT".

[k4yt3x]

Thanks @jkowalleck. There's still some work that needs to be done. We'll create and issue and I'm in the process of writing some tests. For the time being we'll just need this PR to be here as a stub. We'll ping you when we think it's ready.

[jkowalleck]

the project is currently undergoing a complete restructuring process (see #610)
therefore, your work will need to be refactored, as soon as the next major version is released.

i will keep you posted as soon as a previous version exists, so you could base your work in it

[jkowalleck]

re: #603 (comment)

@rios0rios0 @k4yt3x please rebase onto branch dev/4.0.0.
This branch is the upcoming version, a complete redesign of everything.

I hope you will understand the new structures and concepts, and see how unit/integration tests are to be structured.

[k4yt3x]

Hello @jkowalleck,

We're just returning from the holidays and hope you had a wonderful Christmas and New Year.

We have reviewed the new structure, and honestly, it's been somewhat difficult for us to grasp the new concepts. Adding PDM support for dev/4.0.0 also seems like more work than adding it to 3.x.x.

At this point, since our enhancements based on a fork of 3.11.7 already meet our internal requirements, rebasing it onto dev/4.0.0 doesn't seem like an efficient use of our engineering-hours, particularly considering the difficulties we've faced in understanding the new version.

If you're interested, we can still generate all the tests and documentation for our current changes based on 3.11.7 for potential merging. Otherwise, considering the amount of work we currently have, we will need to defer submitting PDM support to upstream.

[jkowalleck]

If you're interested, we can still generate all the tests and documentation [...]

Please do so. This would help tremendously.
It usually costs around 40 hours to integrate a new ecosystem/source,
divided in 35 hours reading docs, building all sorts of example data/test-beds and such,
while the actual implementation is around 5 hours.|

compare existing testbeds: https://github.com/CycloneDX/cyclonedx-python/tree/dev/4.0.0/tests/_data/infiles

[k4yt3x]

@jkowalleck We proposed to write tests for 3.x.x but you referenced the tests for 4.0.0. I'm slightly confused.

[jkowalleck]

We proposed to write tests for 3.x.x but you referenced the tests for 4.0.0. I'm slightly confused.

Actually I don't need tests written in python, but I really need test-beds for your use cases - just like the ones I linked.

[k4yt3x]

Hi again. I had no clue what the test data files are like when you sent them, so I parked this project for a bit and finally got time to take another look at this project today. "Our use cases" would be internal projects so I don't think it's possible for me to provide them.

The original purpose of this PR is to see if the upstream could use our changes for 3.x.x. We tested the new 4.x.x version and the environment mode works well with our PDM environment. We do have a few suggestions but it will not be related to this topic so perhaps we can close this PR at this point. @rios0rios0