Minor improvements (#6)

Author: eljpsm

.goreleaser.yaml

@@ -26,7 +26,7 @@ builds:
       - darwin
     ldflags:
       - -s -w
-      - -X github.com/boringbin/sbomlicense/internal/version.Version={{.Version}}
+      - -X github.com/boringbin/sbomlicense/internal/version.version={{.Version}}
   - id: sbomlicensed
     binary: sbomlicensed
     main: ./cmd/sbomlicensed
@@ -38,7 +38,7 @@ builds:
       - darwin
     ldflags:
       - -s -w
-      - -X github.com/boringbin/sbomlicense/internal/version.Version={{.Version}}
+      - -X github.com/boringbin/sbomlicense/internal/version.version={{.Version}}
 
 archives:
   # Separate archive for CLI tool

cmd/sbomlicense/main.go

@@ -51,7 +51,7 @@ func run() int {
 
 	// Handle version flag
 	if *showVersion {
-		fmt.Fprintf(os.Stdout, "sbomlicense version %s\n", version.Version)
+		fmt.Fprintf(os.Stdout, "sbomlicense version %s\n", version.Get())
 		return exitSuccess
 	}
 

cmd/sbomlicense/main_test.go

@@ -244,8 +244,8 @@ func TestRun_Version(t *testing.T) {
 	if !strings.Contains(output, "sbomlicense version") {
 		t.Errorf("run() --version output = %q, want to contain 'sbomlicense version'", output)
 	}
-	if !strings.Contains(output, version.Version) {
-		t.Errorf("run() --version output = %q, want to contain version %q", output, version.Version)
+	if !strings.Contains(output, version.Get()) {
+		t.Errorf("run() --version output = %q, want to contain version %q", output, version.Get())
 	}
 }
 

cmd/sbomlicensed/main.go

@@ -109,7 +109,7 @@ func run() int {
 	})
 
 	// Create server
-	srv := server.NewServer(service, cacheInstance, logger, *parallel, *cacheTTL, version.Version)
+	srv := server.NewServer(service, cacheInstance, logger, *parallel, *cacheTTL, version.Get())
 
 	// Create HTTP server
 	httpServer := &http.Server{

internal/cache/bbolt.go

@@ -73,9 +73,7 @@ func (c *BboltCache) Get(key string) (string, error) {
 
 		var entry bboltEntry
 		if err := json.Unmarshal(data, &entry); err != nil {
-			// Backward compatibility: treat as plain string value
-			value = string(data)
-			return nil //nolint:nilerr // Intentional: backward compatibility with non-TTL entries
+			return err
 		}
 
 		if entry.isExpired() {

internal/enricher/cyclonedx.go

@@ -4,9 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io"
-	"log/slog"
-	"sync"
 	"time"
 
 	"github.com/boringbin/sbomlicense/internal/cache"
@@ -60,6 +57,29 @@ type LicenseText struct {
 	Content string `json:"content"`
 }
 
+// GetPurl extracts the purl from the CycloneDX component.
+func (c *Component) GetPurl() (string, error) {
+	return GetCycloneDXComponentPurl(c), nil
+}
+
+// HasLicense returns true if the component already has license information.
+func (c *Component) HasLicense() bool {
+	return HasComponentLicense(c)
+}
+
+// SetLicense updates the component with the provided license string.
+// Adds license using Expression format (simpler and more common).
+func (c *Component) SetLicense(license string) {
+	c.Licenses = append(c.Licenses, LicenseChoice{
+		Expression: license,
+	})
+}
+
+// GetLogID returns the BOM reference for logging purposes.
+func (c *Component) GetLogID() string {
+	return c.BOMRef
+}
+
 // ParseCycloneDXFile parses the CycloneDX file into a CycloneDX BOM.
 func ParseCycloneDXFile(data []byte) (*BOM, error) {
 	// Parse the JSON into a CycloneDX BOM
@@ -123,91 +143,30 @@ func NewCycloneDXEnricher(
 }
 
 // Enrich enriches the CycloneDX SBOM with license information.
-//
-//nolint:gocognit // Complexity is inherent to parallel enrichment with worker pool pattern
 func (s *CycloneDXEnricher) Enrich(ctx context.Context, opts Options) ([]byte, error) {
 	// Parse the SBOM file into a CycloneDX BOM
 	bom, err := ParseCycloneDXFile(opts.SBOM)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse SBOM file: %w", err)
 	}
 
-	if len(bom.Components) == 0 {
-		// No components to enrich, return original SBOM
-		return opts.SBOM, nil
-	}
-
-	// Determine parallelism
-	parallelism := opts.Parallelism
-	if parallelism <= 0 {
-		parallelism = 1
-	}
-
-	// Use provided logger or create a no-op logger
-	logger := opts.Logger
-	if logger == nil {
-		logger = slog.New(slog.NewTextHandler(io.Discard, nil))
-	}
-
-	// Create a channel for components to enrich
-	type job struct {
-		component *Component
-		purl      string
-	}
-
-	jobs := make(chan job, len(bom.Components))
-	var wg sync.WaitGroup
-
-	// Spawn workers
-	for range parallelism {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			for j := range jobs {
-				// Check if component already has licenses (in any format)
-				hasLicense := HasComponentLicense(j.component)
-
-				if hasLicense {
-					continue
-				}
-
-				// Get the license from the service
-				lic, licErr := provider.Get(ctx, provider.GetOptions{
-					Purl:     j.purl,
-					Provider: s.provider,
-					Cache:    s.cache,
-					CacheTTL: s.cacheTTL,
-				})
-				if licErr != nil {
-					// Log error but continue processing other components
-					logger.ErrorContext(ctx, "failed to get license for component",
-						"purl", j.purl,
-						"bom_ref", j.component.BOMRef,
-						"error", licErr)
-					continue
-				}
-				if lic != "" {
-					// Add license using Expression format (simpler and more common)
-					j.component.Licenses = append(j.component.Licenses, LicenseChoice{
-						Expression: lic,
-					})
-				}
-			}
-		}()
-	}
-
-	// Queue all components
+	// Convert []Component to []*Component for interface satisfaction
+	components := make([]*Component, len(bom.Components))
 	for i := range bom.Components {
-		component := &bom.Components[i]
-		// Get the purl for the component if it exists
-		purl := GetCycloneDXComponentPurl(component)
-
-		jobs <- job{component: component, purl: purl}
+		components[i] = &bom.Components[i]
 	}
 
-	// Close the channel and wait for workers to finish
-	close(jobs)
-	wg.Wait()
-
-	return json.Marshal(bom)
+	// Enrich and marshal using common helper
+	return enrichDocument(
+		ctx,
+		opts,
+		bom,
+		components,
+		s.provider,
+		s.cache,
+		s.cacheTTL,
+		func(b *BOM) ([]byte, error) {
+			return json.Marshal(b)
+		},
+	)
 }

internal/enricher/spdx.go

@@ -4,9 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io"
-	"log/slog"
-	"sync"
 	"time"
 
 	"github.com/boringbin/sbomlicense/internal/cache"
@@ -47,6 +44,40 @@ type ExternalRef struct {
 	ReferenceLocator  string `json:"referenceLocator"`
 }
 
+// GetPurl extracts the purl from the SPDX package's external references.
+func (p *Package) GetPurl() (string, error) {
+	return GetSPDXPackagePurl(p)
+}
+
+// HasLicense returns true if the package already has license information.
+// Checks both LicenseConcluded and LicenseDeclared fields.
+func (p *Package) HasLicense() bool {
+	return (p.LicenseConcluded != "" &&
+		p.LicenseConcluded != spdxLicenseNone &&
+		p.LicenseConcluded != spdxLicenseNoAssertion) ||
+		(p.LicenseDeclared != "" &&
+			p.LicenseDeclared != spdxLicenseNone &&
+			p.LicenseDeclared != spdxLicenseNoAssertion)
+}
+
+// SetLicense updates the package with the provided license string.
+// Sets LicenseConcluded as the primary field and also updates LicenseDeclared if it's empty.
+func (p *Package) SetLicense(license string) {
+	// Set LicenseConcluded (primary field)
+	p.LicenseConcluded = license
+	// Also set LicenseDeclared if it's empty
+	if p.LicenseDeclared == "" ||
+		p.LicenseDeclared == spdxLicenseNone ||
+		p.LicenseDeclared == spdxLicenseNoAssertion {
+		p.LicenseDeclared = license
+	}
+}
+
+// GetLogID returns the SPDX ID for logging purposes.
+func (p *Package) GetLogID() string {
+	return p.SPDXID
+}
+
 // UnwrapGitHubSBOM checks if the data is wrapped in GitHub's {"sbom": {...}} format and returns the unwrapped SPDX
 // data if so, or the original data otherwise.
 func UnwrapGitHubSBOM(data []byte) ([]byte, error) {
@@ -113,108 +144,30 @@ func NewSPDXEnricher(provider provider.Provider, cache cache.Cache, cacheTTL tim
 }
 
 // Enrich enriches the SPDX SBOM with license information.
-//
-//nolint:gocognit // Complexity is inherent to parallel enrichment with worker pool pattern
 func (s *SPDXEnricher) Enrich(ctx context.Context, opts Options) ([]byte, error) {
 	// Parse the SBOM file into an SPDX document
 	doc, err := ParseSBOMFile(opts.SBOM)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse SBOM file: %w", err)
 	}
 
-	if len(doc.Packages) == 0 {
-		// No packages to enrich, return original SBOM
-		return opts.SBOM, nil
-	}
-
-	// Determine parallelism
-	parallelism := opts.Parallelism
-	if parallelism <= 0 {
-		parallelism = 1
-	}
-
-	// Use provided logger or create a no-op logger
-	logger := opts.Logger
-	if logger == nil {
-		logger = slog.New(slog.NewTextHandler(io.Discard, nil))
-	}
-
-	// Create a channel for packages to enrich
-	type job struct {
-		pkg  *Package
-		purl string
-	}
-
-	jobs := make(chan job, len(doc.Packages))
-	var wg sync.WaitGroup
-
-	// Spawn workers
-	for range parallelism {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			for j := range jobs {
-				// Check if package already has a license
-				// Try LicenseConcluded first, fallback to LicenseDeclared
-				hasLicense := (j.pkg.LicenseConcluded != "" &&
-					j.pkg.LicenseConcluded != spdxLicenseNone &&
-					j.pkg.LicenseConcluded != spdxLicenseNoAssertion) ||
-					(j.pkg.LicenseDeclared != "" &&
-						j.pkg.LicenseDeclared != spdxLicenseNone &&
-						j.pkg.LicenseDeclared != spdxLicenseNoAssertion)
-
-				if hasLicense {
-					continue
-				}
-
-				// Get the license from the service
-				lic, licErr := provider.Get(ctx, provider.GetOptions{
-					Purl:     j.purl,
-					Provider: s.provider,
-					Cache:    s.cache,
-					CacheTTL: s.cacheTTL,
-				})
-				if licErr != nil {
-					// Log error but continue processing other packages
-					logger.ErrorContext(ctx, "failed to get license for package",
-						"purl", j.purl,
-						"spdx_id", j.pkg.SPDXID,
-						"error", licErr)
-					continue
-				}
-				if lic != "" {
-					// Set LicenseConcluded (primary field)
-					j.pkg.LicenseConcluded = lic
-					// Also set LicenseDeclared if it's empty
-					if j.pkg.LicenseDeclared == "" ||
-						j.pkg.LicenseDeclared == spdxLicenseNone ||
-						j.pkg.LicenseDeclared == spdxLicenseNoAssertion {
-						j.pkg.LicenseDeclared = lic
-					}
-				}
-			}
-		}()
-	}
-
-	// Queue all packages
+	// Convert []Package to []*Package for interface satisfaction
+	pkgs := make([]*Package, len(doc.Packages))
 	for i := range doc.Packages {
-		pkg := &doc.Packages[i]
-		// Get the purl for the package if it exists
-		purl, purlErr := GetSPDXPackagePurl(pkg)
-		if purlErr != nil {
-			// Log error but continue processing other packages
-			logger.ErrorContext(ctx, "failed to get purl for package",
-				"spdx_id", pkg.SPDXID,
-				"error", purlErr)
-			continue
-		}
-
-		jobs <- job{pkg: pkg, purl: purl}
+		pkgs[i] = &doc.Packages[i]
 	}
 
-	// Close the channel and wait for workers to finish
-	close(jobs)
-	wg.Wait()
-
-	return json.Marshal(doc)
+	// Enrich and marshal using common helper
+	return enrichDocument(
+		ctx,
+		opts,
+		doc,
+		pkgs,
+		s.provider,
+		s.cache,
+		s.cacheTTL,
+		func(d *Document) ([]byte, error) {
+			return json.Marshal(d)
+		},
+	)
 }