feat(project createbom): store release relation data

Author: gernot-h

ChangeLog.md

@@ -14,11 +14,12 @@
 * CaPyCLI now supports color console output also when running in GitLab CI.
 * `bom map` fix: In few cases with --nocache, it added mixed matches to output
   BOM, now we assure that only the best mapping results are added.
+* `project createbom` stores release relations (`CONTAINED`, `SIDE_BY_SIDE` etc.) as capycli:projectRelation
 
 ## 2.7.0
 
 * fix for `bom findsources` for some JavaScript SBOMs.
-* `bom show` command also lists purl and source code download url in verbose mode.  
+* `bom show` command also lists purl and source code download url in verbose mode.
   If one of the values is missing and `--forceerror` has been specified, error code 97 is returned.
 * `bom show` command also lists license information in verbose mode, but
   only for CycloneDX 1.6 and later.

capycli/common/capycli_bom_support.py

@@ -66,6 +66,7 @@ class CycloneDxSupport():
     CDX_PROP_CLEARING_STATE = "capycli:clearingState"
     CDX_PROP_CATEGORIES = "capycli:categories"
     CDX_PROP_PROJ_STATE = "capycli:projectClearingState"
+    CDX_PROP_PROJ_RELATION = "capycli:projectRelation"
     CDX_PROP_PROFILE = "siemens:profile"
 
     @staticmethod

capycli/project/create_bom.py

@@ -8,7 +8,7 @@
 
 import logging
 import sys
-from typing import Any, Dict, List
+from typing import Any, Dict, List, Tuple
 
 from cyclonedx.model import ExternalReferenceType, HashAlgorithm
 from cyclonedx.model.bom import Bom
@@ -36,14 +36,13 @@ def get_external_id(self, name: str, release_details: Dict[str, Any]) -> str:
 
         return release_details["externalIds"].get(name, "")
 
-    def get_clearing_state(self, proj: Dict[str, Any], href: str) -> str:
-        """Returns the clearing state of the given component/release"""
+    def get_linked_state(self, proj: Dict[str, Any], href: str) -> Tuple[str, str]:
+        """Returns project mainline state and relation of the given release"""
         rel = proj["linkedReleases"]
         for key in rel:
             if key["release"] == href:
-                return key["mainlineState"]
-
-        return ""
+                return (key["mainlineState"], key["relation"])
+        return ("", "")
 
     def create_project_bom(self, project: Dict[str, Any]) -> List[Component]:
         bom: List[Component] = []
@@ -112,9 +111,10 @@ def create_project_bom(self, project: Dict[str, Any]) -> List[Component]:
                 print_red("    ERROR: unable to access project:" + repr(swex))
                 sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
-            state = self.get_clearing_state(project, href)
-            if state:
-                CycloneDxSupport.set_property(rel_item, CycloneDxSupport.CDX_PROP_PROJ_STATE, state)
+            mainline_state, relation = self.get_linked_state(project, href)
+            if mainline_state and relation:
+                CycloneDxSupport.set_property(rel_item, CycloneDxSupport.CDX_PROP_PROJ_STATE, mainline_state)
+                CycloneDxSupport.set_property(rel_item, CycloneDxSupport.CDX_PROP_PROJ_RELATION, relation)
 
             sw360_id = self.client.get_id_from_href(href)
             CycloneDxSupport.set_property(rel_item, CycloneDxSupport.CDX_PROP_SW360ID, sw360_id)

tests/test_base.py

@@ -214,10 +214,10 @@ def get_project_for_test() -> Dict[str, Any]:
                 {
                     "createdBy": "[email protected]",
                     "release": "https://my.server.com/resource/api/releases/r002",
-                    "mainlineState": "SPECIFIC",
+                    "mainlineState": "MAINLINE",
                     "comment": "Automatically updated by SCC",
                     "createdOn": "2023-03-14",
-                    "relation": "UNKNOWN"
+                    "relation": "DYNAMICALLY_LINKED"
                 }
             ],
             "_links": {

tests/test_create_bom.py

@@ -230,6 +230,16 @@ def test_project_by_id(self) -> None:
         assert len(ext_refs_vcs) == 1
         assert str(ext_refs_vcs[0].url) == release["repository"]["url"]
 
+        prj_ml_state = CycloneDxSupport.get_property(cx_comp, CycloneDxSupport.CDX_PROP_PROJ_STATE)
+        assert prj_ml_state.value == "MAINLINE"
+        releaseRelation = CycloneDxSupport.get_property(cx_comp, CycloneDxSupport.CDX_PROP_PROJ_RELATION)
+        assert releaseRelation.value == "DYNAMICALLY_LINKED"
+
+        prj_ml_state = CycloneDxSupport.get_property(cdx_bom.components[1], CycloneDxSupport.CDX_PROP_PROJ_STATE)
+        assert prj_ml_state.value == "SPECIFIC"
+        releaseRelation = CycloneDxSupport.get_property(cdx_bom.components[1], CycloneDxSupport.CDX_PROP_PROJ_RELATION)
+        assert releaseRelation.value == "UNKNOWN"
+
         assert cdx_bom.metadata.component is not None
         if cdx_bom.metadata.component:
             assert cdx_bom.metadata.component.name == project["name"]

tests/test_show_project.py

@@ -168,7 +168,7 @@ def test_project_show_by_id(self) -> None:
         self.assertTrue("Project owner: [email protected]" in out)
         self.assertTrue("Clearing state: IN_PROGRESS" in out)
         self.assertTrue("No linked projects" in out)
-        self.assertTrue("cli-support, 1.3 = SPECIFIC, APPROVED" in out)
+        self.assertTrue("cli-support, 1.3 = MAINLINE, APPROVED" in out)
         self.assertTrue("wheel, 0.38.4 = SPECIFIC, APPROVED" in out)
 
     @responses.activate
@@ -337,7 +337,7 @@ def test_project_show_with_subproject(self) -> None:
         self.assertTrue("Clearing state: IN_PROGRESS" in out)
         self.assertTrue("Linked projects:" in out)
         self.assertTrue("sub-project-dummy, 2.0.1" in out)
-        self.assertTrue("cli-support, 1.3 = SPECIFIC, APPROVED" in out)
+        self.assertTrue("cli-support, 1.3 = MAINLINE, APPROVED" in out)
         self.assertTrue("wheel, 0.38.4 = SPECIFIC, APPROVED" in out)
 
         self.assertTrue(os.path.isfile(self.OUTPUTFILE), "no output file generated")