From dc2927b5a8e3dd24cadff956c467520b256e1b87 Mon Sep 17 00:00:00 2001 From: Leo Reinmann Date: Tue, 10 Jun 2025 14:34:42 +0200 Subject: [PATCH 1/8] chore(ci): add code coverage badge --- .github/workflows/build-and-test.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index ffc66de..221e615 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -72,6 +72,17 @@ jobs: with: name: pytest-results-${{ matrix.python-version }} path: coverage.xml + - name: Run coverage badge + run: | + sudo apt-get install xq + pip install anybadge + cov_value=$(xq --xpath "//coverage/@line-rate" coverage.xml) + cov_rounded=$(printf "%.1f\n" $(bc <<< "100*${cov_value}")) + echo "Coverage found: ${cov_rounded}%" + anybadge --label python:coverage --value ${cov_rounded} --suffix "%" --file .github/badges/coverage-python.svg --overwrite + - uses: stefanzweifel/git-auto-commit-action@v5 + with: + commit_message: "chore(docs): update coverage badge" lint: runs-on: ubuntu-latest From 2a2cc2ec3629738c5db5bf268e9bb477b1a9faf5 Mon Sep 17 00:00:00 2001 From: Leo Reinmann Date: Tue, 10 Jun 2025 14:44:08 +0200 Subject: [PATCH 2/8] fix(ci): modify pypi url --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c3466e5..eb4150a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest environment: name: pypi - url: https://pypi.org/p/siemens-standard-bom-python + url: https://pypi.org/p/siemens-standard-bom permissions: id-token: write needs: call-build-and-test-workflow From 87c4e14ecc57e24e6aec4fdaa5858c60555589cc Mon Sep 17 00:00:00 2001 
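Review bot: In PATCH 1/8, the `Run coverage badge` step installs `anybadge` with an unpinned `pip install`, and the next step uses `stefanzweifel/git-auto-commit-action@v5`, a third-party action referenced by a movable tag, to commit to the repository. Whatever those two references resolve to at run time executes in a job that presumably holds a write-capable token, since the action pushes. Pin both, for example `pip install anybadge==<pinned-version>` and `uses: stefanzweifel/git-auto-commit-action@<full-commit-sha>  # v5`. The same two lines are carried unchanged into the `coverage-badge` job in PATCH 3/8. Separately, `${cov_rounded}` is passed unquoted to `anybadge`; `--value "${cov_rounded}"` avoids word splitting if `coverage.xml` yields an unexpected value.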
From: Leo Reinmann Date: Tue, 10 Jun 2025 14:44:49 +0200 Subject: [PATCH 3/8] fix(ci): extract coverage badge job from test job --- .github/workflows/build-and-test.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 221e615..4eb64bd 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -72,10 +72,23 @@ jobs: with: name: pytest-results-${{ matrix.python-version }} path: coverage.xml + + coverage-badge: + runs-on: ubuntu-latest + permissions: + contents: write + needs: + - tests + steps: + - name: Download coverage artifact + uses: actions/download-artifact@v4 + with: + name: pytest-results-3.13 - name: Run coverage badge run: | sudo apt-get install xq pip install anybadge + mkdir -p .github/badges/ cov_value=$(xq --xpath "//coverage/@line-rate" coverage.xml) cov_rounded=$(printf "%.1f\n" $(bc <<< "100*${cov_value}")) echo "Coverage found: ${cov_rounded}%" @@ -84,6 +97,7 @@ jobs: with: commit_message: "chore(docs): update coverage badge" + lint: runs-on: ubuntu-latest steps: From 89d0e960c68e42908cfb0fefce3bf56506b417c3 Mon Sep 17 00:00:00 2001 From: Leo Reinmann Date: Tue, 10 Jun 2025 14:58:59 +0200 Subject: [PATCH 4/8] fix(ci): change output path for badge --- .github/workflows/build-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 4eb64bd..218a62c 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml 
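Review bot: In PATCH 3/8, the new `coverage-badge` job is granted `contents: write` but has no `if:` condition, so it tries to push a badge commit on every event that starts this workflow. The `needs: call-build-and-test-workflow` context in `release.yml` (PATCH 2/8) suggests the workflow is also called from the release pipeline, where a push back to the branch is probably not intended. Restrict the job to pushes on the default branch, for example `if: github.event_name == 'push' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)`. The hard-coded artifact name `pytest-results-3.13` also ties the job to one matrix entry, which deserves a comment such as `# must match a python-version in the tests matrix`.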
@@ -92,7 +92,7 @@ jobs: cov_value=$(xq --xpath "//coverage/@line-rate" coverage.xml) cov_rounded=$(printf "%.1f\n" $(bc <<< "100*${cov_value}")) echo "Coverage found: ${cov_rounded}%" - anybadge --label python:coverage --value ${cov_rounded} --suffix "%" --file .github/badges/coverage-python.svg --overwrite + anybadge --label python:coverage --value ${cov_rounded} --suffix "%" --file badges/coverage-python.svg --overwrite - uses: stefanzweifel/git-auto-commit-action@v5 with: commit_message: "chore(docs): update coverage badge" From c105518aa196b7d6a4abaf31aad2ad0c92faddd4 Mon Sep 17 00:00:00 2001 From: Leo Reinmann Date: Tue, 10 Jun 2025 15:01:31 +0200 Subject: [PATCH 5/8] fix(ci): change path of mkdir command --- .github/workflows/build-and-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 218a62c..2302883 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -88,7 +88,7 @@ jobs: run: | sudo apt-get install xq pip install anybadge - mkdir -p .github/badges/ + mkdir -p badges/ cov_value=$(xq --xpath "//coverage/@line-rate" coverage.xml) cov_rounded=$(printf "%.1f\n" $(bc <<< "100*${cov_value}")) echo "Coverage found: ${cov_rounded}%" From ad3492692a50c399bdfef96264a1e7792b3aef5a Mon Sep 17 00:00:00 2001 From: Leo Reinmann Date: Tue, 10 Jun 2025 15:14:00 +0200 Subject: [PATCH 6/8] fix(ci): add checkout step --- .github/workflows/build-and-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 2302883..ffc13c0 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -80,6 +80,9 @@ jobs: needs: - tests steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Download coverage artifact uses: actions/download-artifact@v4 with: 
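Review bot: In PATCH 6/8, the added `actions/checkout@v4` step keeps the job token in the local git configuration by default, and this job was granted `contents: write` in PATCH 3/8. The write-scoped credential is therefore present in the workspace while the following step runs `sudo apt-get install xq` and the unpinned `pip install anybadge`. Consider generating the badge in a job without write permission and passing it on as an artifact, so the job that holds `contents: write` only checks out, downloads and commits. The job and artifact names in the sketch below are illustrative, and the steps list continues outside the hunk.

```yaml
  coverage-badge:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    needs:
      - tests
    steps:
      # … unchanged: download coverage artifact, install xq/anybadge, write badges/coverage-python.svg …
      - name: Upload badge
        uses: actions/upload-artifact@v4
        with:
          name: coverage-badge
          path: badges/coverage-python.svg

  publish-badge:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    needs:
      - coverage-badge
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Download badge
        uses: actions/download-artifact@v4
        with:
          name: coverage-badge
          path: badges/
      # … unchanged: stefanzweifel/git-auto-commit-action step …
```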
@@ -96,7 +99,7 @@ jobs: - uses: stefanzweifel/git-auto-commit-action@v5 with: commit_message: "chore(docs): update coverage badge" - + commit_user_name: "CI/CD Push Token" lint: runs-on: ubuntu-latest From 76e0474f3b1c4890e788c21574a54f2977c908b4 Mon Sep 17 00:00:00 2001 From: leoreinmann <39160328+leoreinmann@users.noreply.github.com> Date: Tue, 10 Jun 2025 13:15:35 +0000 Subject: [PATCH 7/8] chore(docs): update coverage badge --- badges/coverage-python.svg | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 badges/coverage-python.svg diff --git a/badges/coverage-python.svg b/badges/coverage-python.svg new file mode 100644 index 0000000..9fb37a6 --- /dev/null +++ b/badges/coverage-python.svg @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + python:coverage + python:coverage + + + 96.8% + 96.8% + + From 7d897adb1b9962ad6a8a834009739b80115e3128 Mon Sep 17 00:00:00 2001 From: Leo Reinmann Date: Tue, 10 Jun 2025 15:21:45 +0200 Subject: [PATCH 8/8] docs(readme): add badge to readme header --- README.md | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1bfa537..52b7873 100644 --- a/README.md +++ b/README.md 
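Review bot: In the second hunk of PATCH 6/8, `commit_user_name: "CI/CD Push Token"` appears to set only the committer name. The generated commit in PATCH 7/8 is still authored by the personal `leoreinmann` noreply address, so automated badge commits cannot be told apart by author from that person's own commits in history or audit queries. Set the author explicitly to a bot identity as well, for example `commit_author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"` together with a matching `commit_user_email`. A short comment above the step, such as `# commits badges/coverage-python.svg back to the branch as the CI bot`, would also document why this job needs write access.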
@@ -1,12 +1,15 @@ # Standard BOM for Python [![build](https://github.com/siemens/standard-bom-python/actions/workflows/ci.yml/badge.svg)](https://github.com/siemens/standard-bom-python/actions/workflows/ci.yml) +![coverage](badges/coverage-python.svg) [![GitHub Tag](https://img.shields.io/github/v/tag/siemens/standard-bom-python)](https://github.com/siemens/standard-bom-python/releases/latest) A Python library for creating and consuming documents in [standard-bom format](https://sbom.siemens.io/latest/format.html). -"Standard BOM" is our Siemens-internal SBOM format based on the [Siemens CycloneDX Property Taxonomy](https://github.com/siemens/cyclonedx-property-taxonomy), which is 100% compatible with the CycloneDX. +"Standard BOM" is our Siemens-internal SBOM format based on +the [Siemens CycloneDX Property Taxonomy](https://github.com/siemens/cyclonedx-property-taxonomy), which is 100% compatible with the +CycloneDX. Every Standard BOM document is a 100% CycloneDX document, so both CycloneDX and Standard BOM formats are supported both for reading and writing SBOMs with this library. 
@@ -27,11 +30,13 @@ pip install siemens-standard-bom poetry add siemens-standard-bom ``` -The library provides Standard BOM parser and serializer classes. The parser class is used to read a Standard BOM from a file, and the serializer class is used to write a Standard BOM to a file. +The library provides Standard BOM parser and serializer classes. The parser class is used to read a Standard BOM from a file, and the +serializer class is used to write a Standard BOM to a file. > 💡 **Hint:** - This library provides strict type checking using [mypy](https://mypy.readthedocs.io/en/stable/). - Using [mypy with strict type checks](https://mypy.readthedocs.io/en/stable/existing_code.html#introduce-stricter-options) in your own codebase is recommended to ensure type safety. +> This library provides strict type checking using [mypy](https://mypy.readthedocs.io/en/stable/). +> Using [mypy with strict type checks](https://mypy.readthedocs.io/en/stable/existing_code.html#introduce-stricter-options) in your own +> codebase is recommended to ensure type safety. ## Read a Standard BOM from a JSON file @@ -108,7 +113,8 @@ tools: Iterable[SbomComponent] = bom.tools ## Setting licenses to a component You can set licenses to a component by using the `licenses` setter method of the `SbomComponent` -class. `SbomComponent.licenses` setter method accepts an iterable of type `License` which can be a `LicenseExpression` or a `DisjunctiveLicense`: +class. `SbomComponent.licenses` setter method accepts an iterable of type `License` which can be a `LicenseExpression` or +a `DisjunctiveLicense`: ```python from cyclonedx.model.license import LicenseExpression 
@@ -134,13 +140,13 @@ Once you have those prerequisites you can perform following development tasks lo poetry install ``` - then + then ```bash poetry build ``` - This will generate the build artifacts under `dist/` folder. + This will generate the build artifacts under `dist/` folder. - Run all unit tests with all test cases and static code analysis @@ -148,7 +154,7 @@ Once you have those prerequisites you can perform following development tasks lo poetry run tox run ``` - This will run all the tests for all supported Python versions as well as static linting and type checking. + This will run all the tests for all supported Python versions as well as static linting and type checking. ## License