From 583276c7f46c05c081d7144e929d76d94f6f11c9 Mon Sep 17 00:00:00 2001
From: Thorben Lindhauer
Date: Fri, 29 Sep 2023 11:06:00 +0200
Subject: [PATCH] chore(workflows): add standalone SBOM diffing script for local testing related to camunda/camunda-bpm-platform#2781
---
 common/.gitignore | 1 +
 common/README.md | 12 ++++++++
 common/diff-sboms-standalone.js | 50 +++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+)
 create mode 100644 common/.gitignore
 create mode 100644 common/diff-sboms-standalone.js
diff --git a/common/.gitignore b/common/.gitignore
new file mode 100644
index 0000000..222c251
--- /dev/null
+++ b/common/.gitignore
@@ -0,0 +1 @@
+sbom-workspace
diff --git a/common/README.md b/common/README.md
index edf08df..3758b4e 100644
--- a/common/README.md
+++ b/common/README.md
@@ -13,3 +13,15 @@ git push ...
 ```
 Make sure to commit and push the changes to the `dist` directory to the repository.
+
+# How to test
+
+Run `npm run test` to run the unit tests
+
+# How to try SBOM diffing
+
+1. Generate two SBOMs that you want to compare
+ 1. For example, use `mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.9:makeAggregateBom` to generate an SBOM for a maven (multi-module) project
+1. Run `npm run diff-sboms ` to generate an SBOM diff
+ 1. Hint: The `sbom-workspace` subdirectory is in `.gitignore`, so you can put files there
+ 1. In Visual Studio Code, you can run the script from the Javascript Debugger Console to attach a debugger and put breakpoints in the business logic
\ No newline at end of file
diff --git a/common/diff-sboms-standalone.js b/common/diff-sboms-standalone.js
new file mode 100644
index 0000000..99389da
--- /dev/null
+++ b/common/diff-sboms-standalone.js
@@ -0,0 +1,50 @@
+const diffSBOMs = require('./src/sbom-diff/differ.js');
+const formatTemplate = require('./src/sbom-diff/format-handlebars-template.js');
+const fs = require('fs');
+
+const readFile = function(path) {
+ return fs.readFileSync(path, 'utf8')
+}
+
+const writeFile = function(path, content) {
+ fs.writeFileSync(path, content); // default encoding is utf8
+}
+
+var args = process.argv.slice(2); // first two arguments are the executable and the JS file
+
+if (args.length != 3) {
+ throw new Error('Requires three arguments: ');
+}
+
+const baseSbomPath = args[0];
+const headSbomPath = args[1];
+const outPath = args[2];
+
+const baseSbom = readFile(baseSbomPath);
+const headSbom = readFile(headSbomPath);
+
+const licenseList = readFile('../java-dependency-check/licenses.json');
+
+const commentTemplate = readFile('../java-dependency-check/diff.hbs');
+
+const partialPaths = [
+ 'componentDetails:../java-dependency-check/component-details.hbs',
+ 'componentDiff:../java-dependency-check/component-diff.hbs',
+ 'componentTree:../java-dependency-check/component-tree.hbs',
+ 'componentVersion:../java-dependency-check/component-version.hbs'
+];
+
+const partials = partialPaths.reduce(
+ (result, input) => {
+ [ partialId, partialPath ] = input.split(':');
+ result[partialId.trim()] = readFile(partialPath.trim());
+ return result;
+ },
+ {}
+);
+
+diffSBOMs(baseSbom, headSbom, '^org\\.camunda', licenseList)
+ .then(rootComponentDiff => formatTemplate(rootComponentDiff, commentTemplate, partials)
+ .then(diff => writeFile(outPath, diff.fullDiff)));
+
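Review bot: `[ partialId, partialPath ] = input.split(':');` in the reduce callback assigns to names that are never declared, so in sloppy mode it leaks two implicit globals and under `'use strict'` (or if the file is ever loaded as an ES module) it throws a ReferenceError; declare them with `const [partialId, partialPath] = input.split(':');`. The promise chain at the end of the file has no rejection handler, so a failed read, diff or template render surfaces only as an unhandled-rejection warning rather than a clear error; appending `.catch(err => { console.error(err); process.exitCode = 1; })` fixes that. The `../java-dependency-check/...` template, partial and license paths are resolved against the current working directory rather than the script's own location, so the script only works when launched from `common/` as the README assumes; resolving them with `path.join(__dirname, '..', 'java-dependency-check', ...)` (adding `const path = require('path');`) would remove that dependency. The message `'Requires three arguments: '` ends right after the colon, so if the three argument names were meant to follow they are missing (this may also be a rendering artifact of the patch as shown).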