Commit
feat: expose sbom generation functionality (#114)
* fix gitignore for bin directory

  Signed-off-by: nscuro <nscuro@protonmail.com>

* introduce public generator api

  Signed-off-by: nscuro <nscuro@protonmail.com>

* migrate `bin` generation logic to public api

  Signed-off-by: nscuro <nscuro@protonmail.com>

* move `main.go` to `cmd` directory to avoid warnings during `go get`

  Signed-off-by: nscuro <nscuro@protonmail.com>

* refactor to not use global logger instance anymore

  Signed-off-by: nscuro <nscuro@protonmail.com>

* migrate `mod` generation logic to public api

  Signed-off-by: nscuro <nscuro@protonmail.com>

* introduce `bomtest` package for shared testing funcs

  Signed-off-by: nscuro <nscuro@protonmail.com>

* move `bin` e2e tests to generator package

  Signed-off-by: nscuro <nscuro@protonmail.com>

* revert 6699cea and 8aec93d

  keep the e2e tests for testing the generation logic for now. we may change this in the future, but for now it'd cause too much refactoring work.

  Signed-off-by: nscuro <nscuro@protonmail.com>

* re-add basic tests for `bin` generator and its options

  Signed-off-by: nscuro <nscuro@protonmail.com>

* basic tests for `mod` generator

  Signed-off-by: nscuro <nscuro@protonmail.com>

* documentation

  Signed-off-by: nscuro <nscuro@protonmail.com>

* migrate `app` generation logic to public api

  Signed-off-by: nscuro <nscuro@protonmail.com>

* fix `TestModWhy`

  i know, i know... this test should be deterministic.

  Signed-off-by: nscuro <nscuro@protonmail.com>

* add changelog entry

  Signed-off-by: nscuro <nscuro@protonmail.com>

* more godoc

  Signed-off-by: nscuro <nscuro@protonmail.com>

* use logger for go command output as well

  Signed-off-by: nscuro <nscuro@protonmail.com>

* move generator tests to `pkg`

  still need a solution to strip dynamic data from generated boms before comparing them to snapshots though

  Signed-off-by: nscuro <nscuro@protonmail.com>

* address gosec findings

  Signed-off-by: nscuro <nscuro@protonmail.com>

* address gosec findings

  Signed-off-by: nscuro <nscuro@protonmail.com>

* test+redact dynamic properties before comparing to snapshot

  Signed-off-by: nscuro <nscuro@protonmail.com>

* implement redacting of stdlib versions for snapshot tests

  Signed-off-by: nscuro <nscuro@protonmail.com>

* make linter happy

  Signed-off-by: nscuro <nscuro@protonmail.com>

* re-add missing logic for bin

  Signed-off-by: nscuro <nscuro@protonmail.com>

* regenerate example sboms

  Signed-off-by: nscuro <nscuro@protonmail.com>

* ensure bom file is closed before validating it with cdx cli

  Signed-off-by: nscuro <nscuro@protonmail.com>

* remove internal reproducible flag

  Signed-off-by: nscuro <nscuro@protonmail.com>

* add disclaimer

  Signed-off-by: nscuro <nscuro@protonmail.com>

Closes #99
Closes #108