From 299209abd9531d808e0cc4235e77a7c4b1b53d96 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 28 Oct 2023 19:35:06 +0200 Subject: [PATCH 1/5] chore(deps): bump actions/setup-node from 3 to 4 (#328) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
Release notes

Sourced from actions/setup-node's releases.

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-node/compare/v3...v4.0.0

v3.8.2

What's Changed

Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.8.2

v3.8.1

What's Changed

In scope of this release, the filter was removed within the cache-save step by @​dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.

Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.8.1

v3.8.0

What's Changed

Bug fixes:

Feature implementations:

Documentation changes:

Update dependencies:

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/js.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/js.yml b/.github/workflows/js.yml index 00c9a33b..5e79d90a 100644 --- a/.github/workflows/js.yml +++ b/.github/workflows/js.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@v4 - name: Setup Node.js # see https://github.com/actions/setup-node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: '20.x' - name: Install Depenencies From 9f3e3d874d3b2f31502e0d5652260b420eea64f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 2 Dec 2023 06:21:41 +0000 Subject: [PATCH 2/5] chore(deps): bump actions/setup-java from 3 to 4 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cibuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cibuild.yml b/.github/workflows/cibuild.yml index fe075eda..99c20f59 100644 --- a/.github/workflows/cibuild.yml +++ b/.github/workflows/cibuild.yml @@ -18,7 +18,7 @@ jobs: uses: actions/checkout@v4 - name: Set up JDK # see https://github.com/actions/setup-java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '8' distribution: 'zulu' From 861cc9f37840620a95aed1b398d08bdda2cec47b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Dec 2023 06:24:57 +0000 Subject: [PATCH 3/5] chore(deps): bump actions/setup-python from 4 to 5 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cibuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cibuild.yml b/.github/workflows/cibuild.yml index 99c20f59..ceedac03 100644 --- a/.github/workflows/cibuild.yml +++ b/.github/workflows/cibuild.yml @@ -28,7 +28,7 @@ jobs: working-directory: tools - name: Setup Python Environment # see https://github.com/actions/setup-python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' From 7b7ea1314aba8a916b53d8296bb5dc2c84442991 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 12 Dec 2023 10:15:32 +0100 Subject: [PATCH 4/5] tests: java tests run agsinst CDX1.5 Signed-off-by: Jan Kowalleck --- tools/pom.xml | 2 +- .../java/org/cyclonedx/schema/BaseSchemaVerificationTest.java | 1 + .../java/org/cyclonedx/schema/JsonSchemaVerificationTest.java | 2 ++ .../java/org/cyclonedx/schema/XmlSchemaVerificationTest.java | 2 ++ 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/pom.xml b/tools/pom.xml index d074df4f..78655387 100644 --- a/tools/pom.xml +++ b/tools/pom.xml @@ -55,7 +55,7 @@ 3.6 1.2 1.4.9 - 7.2.0 + 8.0.3 diff --git a/tools/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java b/tools/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java index ff45bd20..faae872b 100644 --- a/tools/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java +++ b/tools/src/test/java/org/cyclonedx/schema/BaseSchemaVerificationTest.java @@ -28,6 +28,7 @@ List getAllResources() throws Exception { files.addAll(getResources("1.2/")); files.addAll(getResources("1.3/")); files.addAll(getResources("1.4/")); + files.addAll(getResources("1.5/")); return files; } diff --git a/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java b/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java index 55716982..3862bb14 100644 --- a/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java +++ b/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java @@ -40,6 +40,8 @@ Collection dynamicTestsWithCollection() throws Exception { schemaVersion = CycloneDxSchema.Version.VERSION_13; } else if (file.endsWith("-1.4.json")) { schemaVersion = CycloneDxSchema.Version.VERSION_14; + } else if (file.endsWith("-1.5.json")) { + schemaVersion = CycloneDxSchema.Version.VERSION_15; } else { schemaVersion = null; } diff --git a/tools/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java b/tools/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java index 12494921..01434b00 100644 --- a/tools/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java +++ b/tools/src/test/java/org/cyclonedx/schema/XmlSchemaVerificationTest.java @@ -44,6 +44,8 @@ Collection dynamicTestsWithCollection() throws Exception { schemaVersion = CycloneDxSchema.Version.VERSION_13; } else if (file.endsWith("-1.4.xml")) { schemaVersion = CycloneDxSchema.Version.VERSION_14; + } else if (file.endsWith("-1.5.xml")) { + schemaVersion = CycloneDxSchema.Version.VERSION_15; } else { schemaVersion = null; } From 963e99be3d97b1f272c02184e1196542a18225af Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 15 Dec 2023 19:34:52 +0100 Subject: [PATCH 5/5] ci: split workflows (#357) have dedicated workflow for - generate the docs - tests with java - tests with php - test with javascript Signed-off-by: Jan Kowalleck --- .../workflows/{cibuild.yml => build_docs.yml} | 54 +++++++++++-------- .github/workflows/test_java.yml | 32 +++++++++++ .github/workflows/{js.yml => test_js.yml} | 3 +- .github/workflows/{php.yml => test_php.yml} | 6 ++- 4 files changed, 69 insertions(+), 26 deletions(-) rename .github/workflows/{cibuild.yml => build_docs.yml} (54%) create mode 100644 .github/workflows/test_java.yml rename .github/workflows/{js.yml => test_js.yml} (97%) rename .github/workflows/{php.yml => test_php.yml} (87%) diff --git a/.github/workflows/cibuild.yml b/.github/workflows/build_docs.yml similarity index 54% rename from .github/workflows/cibuild.yml rename to .github/workflows/build_docs.yml index ceedac03..a1747b34 100644 --- a/.github/workflows/cibuild.yml +++ b/.github/workflows/build_docs.yml @@ -1,4 +1,4 @@ -name: CI Build +name: Build Docs on: push: @@ -10,43 +10,51 @@ env: PYTHON_VERSION_DEFAULT: "3.10" jobs: - build: + docs_xml: runs-on: ubuntu-latest + defaults: + run: + working-directory: docgen/xml steps: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v4 - - name: Set up JDK - # see https://github.com/actions/setup-java - uses: actions/setup-java@v4 - with: - java-version: '8' - distribution: 'zulu' - java-package: jdk - - name: Build with Maven - run: mvn -B package --file pom.xml - working-directory: tools - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - - name: Generate JSON Schema documentation - run: ./gen.sh - working-directory: docgen/json - - name: Generate XML Schema documentation + - name: Generate Schema documentation run: ./gen.sh - working-directory: docgen/xml - - name: Archive JSON Schema documentation + - name: Archive Schema documentation # https://github.com/actions/upload-artifact uses: actions/upload-artifact@v3 with: - name: JSON-Schema-documentation - path: docgen/json/docs - - name: Archive XML Schema documentation + name: XML-Schema-documentation + path: docgen/xml/docs + if-no-files-found: error + docs_json: + runs-on: ubuntu-latest + defaults: + run: + working-directory: docgen/json + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@v4 + - name: Setup Python Environment + # see https://github.com/actions/setup-python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHON_VERSION_DEFAULT }} + architecture: 'x64' + - name: Generate Schema documentation + run: ./gen.sh + - name: Archive Schema documentation # https://github.com/actions/upload-artifact uses: actions/upload-artifact@v3 with: - name: XML-Schema-documentation - path: docgen/xml/docs + name: JSON-Schema-documentation + path: docgen/json/docs + if-no-files-found: error diff --git a/.github/workflows/test_java.yml b/.github/workflows/test_java.yml new file mode 100644 index 00000000..dfbcc784 --- /dev/null +++ b/.github/workflows/test_java.yml @@ -0,0 +1,32 @@ +name: CT Java + +on: + push: + branches: ['master', 'main'] + pull_request: + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +defaults: + run: + working-directory: tools + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@v4 + - name: Set up JDK + # see https://github.com/actions/setup-java + uses: actions/setup-java@v4 + with: + java-version: '8' + distribution: 'zulu' + java-package: jdk + - name: test with Maven + run: mvn clean test diff --git a/.github/workflows/js.yml b/.github/workflows/test_js.yml similarity index 97% rename from .github/workflows/js.yml rename to .github/workflows/test_js.yml index 5e79d90a..4502b200 100644 --- a/.github/workflows/js.yml +++ b/.github/workflows/test_js.yml @@ -1,6 +1,6 @@ # docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions -name: JS CI +name: CT JavaScript on: push: @@ -12,7 +12,6 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true - defaults: run: working-directory: tools/src/test/js diff --git a/.github/workflows/php.yml b/.github/workflows/test_php.yml similarity index 87% rename from .github/workflows/php.yml rename to .github/workflows/test_php.yml index 3ee29466..498acebf 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/test_php.yml @@ -1,6 +1,6 @@ # docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions -name: PHP CI +name: CT PHP on: push: @@ -8,6 +8,10 @@ on: pull_request: workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + defaults: run: working-directory: tools/src/test/php