Add acceptance and unit testing

.github/workflows/ruby.yml

@@ -1,20 +1,30 @@
-name: Ruby CI
+name: Ruby
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
+    name: Ruby ${{ matrix.ruby }}
+    strategy:
+      matrix:
+        ruby:
+          - '3.2.2'
+          - '3.1.4'
+          - '3.0.6'
+          - '2.7.7'
 
     steps:
     - uses: actions/checkout@v3
-    - name: Set up Ruby 2.6
+    - name: Set up Ruby ${{ matrix.ruby }}
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: '2.6'
-    - name: Build and test with Rake
-      run: |
-        gem install bundler
-        bundle install --jobs 4 --retry 3
-        bundle exec rake
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

.gitignore

@@ -1 +1,4 @@
-.idea
+.idea
+/Gemfile.lock
+/tmp/aruba
+/coverage

.simplecov

@@ -0,0 +1,38 @@
+# Copied from https://github.com/cucumber/aruba/blob/3b1a6cea6e3ba55370c3396eef0a955aeb40f287/.simplecov
+# Licensed under MIT - https://github.com/cucumber/aruba/blob/3b1a6cea6e3ba55370c3396eef0a955aeb40f287/LICENSE
+
+SimpleCov.configure do
+  enable_for_subprocesses true
+
+  # Activate branch coverage
+  enable_coverage :branch
+
+  # ignore this file
+  add_filter ".simplecov"
+  add_filter "features"
+
+  # Rake tasks aren't tested with rspec
+  add_filter "Rakefile"
+  add_filter "lib/tasks"
+
+  #
+  # Changed Files in Git Group
+  # @see http://fredwu.me/post/35625566267/simplecov-test-coverage-for-changed-files-only
+  untracked         = `git ls-files --exclude-standard --others`
+  unstaged          = `git diff --name-only`
+  staged            = `git diff --name-only --cached`
+  all               = untracked + unstaged + staged
+  changed_filenames = all.split("\n")
+
+  add_group "Changed" do |source_file|
+    changed_filenames.select do |changed_filename|
+      source_file.filename.end_with?(changed_filename)
+    end
+  end
+
+  add_group "Libraries", "lib"
+
+  # Specs are reported on to ensure that all examples are being run and all
+  # lets, befores, afters, etc are being used.
+  add_group "Specs", "spec/"
+end

Rakefile

@@ -1,7 +1,47 @@
 #!/usr/bin/env rake
+$LOAD_PATH << File.expand_path(__dir__)
+
+require "aruba/platform"
+
+require "bundler"
+Bundler.setup
+
 require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
+require "cucumber/rake/task"
+require "rspec/core/rake_task"
+require 'rake/clean'
+
+# Work around a bug in `rake/clean` from `rake` versions older than 13. It's 
+# failing when it calls `FileUtils::rm_r` because that method needs to receive 
+# the `opts` parameter as parameters instead of as a `Hash`.
+module Rake
+  module Cleaner
+    module_function
+
+    def cleanup(file_name, **opts)
+      begin
+        opts = { verbose: Rake.application.options.trace }.merge(opts)
+        rm_r file_name, **opts
+      rescue StandardError => ex
+        puts "Failed to remove #{file_name}: #{ex}" unless file_already_gone?(file_name)
+      end
+    end
+  end
+end
+
+# Remove the `coverage` directory when the `:clobber` task is run.
+CLOBBER.include('coverage')
+
+Cucumber::Rake::Task.new do |t|
+  t.cucumber_opts = %w(--format progress)
+end
 
 RSpec::Core::RakeTask.new('spec')
 
-task default: :spec
+# Run the `clobber` task when running the entire test suite, because the
+# coverage information reported by `simplecov` can be skewed when a `coverage`
+# directory is already present.
+desc "Run the whole test suite."
+task test: [:clobber, :spec, :cucumber]
+
+task default: :test

cucumber.yml

@@ -0,0 +1 @@
+default: --publish-quiet

cyclonedx-ruby.gemspec

@@ -8,14 +8,28 @@ Gem::Specification.new do |spec|
   spec.description = 'CycloneDX is a lightweight software bill-of-material (SBOM) specification designed for use in application security contexts and supply chain component analysis. This Gem generates CycloneDX BOMs from Ruby projects.'
   spec.authors     = ['Joseph Kobti', 'Steve Springett']
   spec.email       = '[email protected]'
-  spec.files       = ['lib/bom_builder.rb', 'lib/bom_helpers.rb', 'lib/licenses.json', 'lib/bom_component.rb']
   spec.homepage    = 'https://github.com/CycloneDX/cyclonedx-ruby-gem'
   spec.license     = 'Apache-2.0'
-  spec.executables << 'cyclonedx-ruby'
+
+  spec.required_ruby_version = ">= 2.7.0"
+
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) || f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor])
+    end
+  end
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
   spec.add_dependency('json', '~> 2.2')
   spec.add_dependency('nokogiri', '~> 1.8')
   spec.add_dependency('ostruct', '~> 0.1')
   spec.add_dependency('rest-client', '~> 2.0')
+  spec.add_dependency('activesupport', '~> 7.0')
   spec.add_development_dependency 'rake', '~> 12'
   spec.add_development_dependency 'rspec', '~> 3.7'
+  spec.add_development_dependency 'cucumber', '~> 8.0'
+  spec.add_development_dependency 'aruba', '~> 2.1'
+  spec.add_development_dependency 'simplecov', '~> 0.22.0'
 end

features/defaults.feature

@@ -0,0 +1,13 @@
+Feature: Default parameter values
+
+Many of the options for the `cyclonedx-ruby` command are optional. 
+
+Scenario: Running against simple fixture
+  Given I use a fixture named "simple"
+  And I run `cyclonedx-ruby --path .`
+  Then the output should contain:
+  """
+  5 gems were written to BOM located at ./bom.xml
+  """
+  And a file named "bom.xml" should exist
+  And the generated XML BOM file "bom.xml" matches "bom.xml.expected"

features/fixtures/simple/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gem 'activesupport'

features/fixtures/simple/Gemfile.lock

@@ -0,0 +1,23 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (7.0.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    concurrent-ruby (1.2.2)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    minitest (5.18.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+
+PLATFORMS
+  arm64-darwin-22
+
+DEPENDENCIES
+  activesupport
+
+BUNDLED WITH
+   2.4.10

features/fixtures/simple/bom.json.expected

@@ -0,0 +1,108 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.1",
+  "serialNumber": "urn:uuid:d498cdc2-5494-4031-b37d-ff3d10d336bf",
+  "version": 1,
+  "components": [
+    {
+      "type": "library",
+      "name": "activesupport",
+      "version": "7.0.4.3",
+      "description": "A toolkit of support libraries and Ruby core extensions extracted from the Rails framework.",
+      "purl": "pkg:gem/[email protected]",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "571ed0fac8510f1fc8a1d66aa070d07ea269913bf9ef50960a8044536358a096"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "concurrent-ruby",
+      "version": "1.2.2",
+      "description": "Modern concurrency tools for Ruby. Inspired by Erlang, Clojure, Scala, Haskell, F#, C#, Java, and classic concurrency patterns.",
+      "purl": "pkg:gem/[email protected]",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "3879119b8b75e3b62616acc256c64a134d0b0a7a9a3fcba5a233025bcde22c4f"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "i18n",
+      "version": "1.12.0",
+      "description": "New wave Internationalization support for Ruby",
+      "purl": "pkg:gem/[email protected]",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "91e3cc1b97616d308707eedee413d82ee021d751c918661fb82152793e64aced"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "minitest",
+      "version": "5.18.0",
+      "description": "minitest provides a complete suite of testing facilities supporting TDD, BDD, mocking, and benchmarking",
+      "purl": "pkg:gem/[email protected]",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "06f43aa0692ce3acf19cb5bc539ad2c6095ca3d2c7e5fbafc58a7d847e898745"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "tzinfo",
+      "version": "2.0.6",
+      "description": "Time Zone Library",
+      "purl": "pkg:gem/[email protected]",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b"
+        }
+      ],
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    }
+  ]
+}