diff --git a/capycli/bom/create_components.py b/capycli/bom/create_components.py index e6afb74..7a831d6 100644 --- a/capycli/bom/create_components.py +++ b/capycli/bom/create_components.py @@ -236,10 +236,13 @@ def add_licenses(self, cx_comp: Component, data: Dict[str, Any]) -> None: data["mainLicenseIds"] = licenses def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]: - """Create release data structure as expected by SW360 REST API + """Create the Release data structure as expected by SW360 REST API. - :param item: a single bill of materials item - a release - :type item: dictionary + If the Source Code Download URL is missing in the given Release, try to update the VCS/Repository URL + of the corresponding SW360 Component with the repository or website URL from the Release. + + :param cx_comp: a single bill of materials item - a Release + :type cx_comp: Component :return: the release :rtype: release (dictionary) """ @@ -251,6 +254,8 @@ def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]: src_url = str(CycloneDxSupport.get_ext_ref_source_url(cx_comp)) if src_url: data["sourceCodeDownloadurl"] = src_url + else: + print_red(" No Source Code Download URL found.") bin_url = str(CycloneDxSupport.get_ext_ref_binary_url(cx_comp)) if bin_url: 
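Review bot: The paragraph added to the `prepare_release_data` docstring says the VCS/Repository URL of the SW360 Component is updated, but no line visible in this commit does that. The method only fills `data`, and the missing-URL path now just calls `print_red`. If the update happens in a caller or another method, the sentence belongs on that method. This docstring should then state what happens here, for example `If no source code download URL is present, "sourceCodeDownloadurl" is omitted and a warning is printed.` The method body continues outside the hunk, so the update may exist in lines not shown.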
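Review bot: The new `else` branch is reached only when `str(CycloneDxSupport.get_ext_ref_source_url(cx_comp))` is empty, and `str()` turns a `None` result into the truthy string `"None"`. That value would be sent to SW360 as the download URL and the warning would never print. The helper's return value is not visible here, so this matters only if it can return `None`. Testing the raw value avoids the question: `src_url = CycloneDxSupport.get_ext_ref_source_url(cx_comp)` followed by `if src_url: data["sourceCodeDownloadurl"] = str(src_url)`. The function body continues outside the hunk.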
@@ -266,17 +271,6 @@ def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]: data["additionalData"] = {} data["additionalData"]["createdWith"] = capycli.get_app_signature() - # use project site as fallback for source code download url - website = CycloneDxSupport.get_ext_ref_website(cx_comp) - repo = CycloneDxSupport.get_ext_ref_repository(cx_comp) - if not src_url: - if repo: - print(" Using repository for source code download URL...") - data["sourceCodeDownloadurl"] = str(repo) - elif website: - print(" Using website for source code download URL...") - data["sourceCodeDownloadurl"] = str(website) - language = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_LANGUAGE) if language: data["languages"] = [] diff --git a/tests/test_bom_create_components.py b/tests/test_bom_create_components.py index ceb1ae4..9755ba1 100644 --- a/tests/test_bom_create_components.py +++ b/tests/test_bom_create_components.py @@ -61,7 +61,7 @@ def test_create_component(self) -> None: release_data = {"name": "activemodel", "version": "5.2.4.3", "mainlineState": "OPEN", "languages": ["Ruby"], - "sourceCodeDownloadurl": "http://test.org", + "sourceCodeDownloadurl": "http://test.org/activemodel@5.2.4.3.zip", "externalIds": {"package-url": "pkg:gem/activemodel@5.2.4.3"}, "additionalData": {"createdWith": capycli.get_app_signature()}} responses.add( @@ -85,6 +85,7 @@ def test_create_component(self) -> None: CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_LANGUAGE, "Ruby") CycloneDxSupport.update_or_set_property(item, CycloneDxSupport.CDX_PROP_CATEGORIES, "devel") CycloneDxSupport.update_or_set_ext_ref(item, ExternalReferenceType.WEBSITE, "", "http://test.org") + CycloneDxSupport.update_or_set_ext_ref(item, ExternalReferenceType.SOURCE_DISTRIBUTION, "", "http://test.org/activemodel@5.2.4.3.zip") self.app.create_component_and_release(item) assert len(responses.calls) == 3
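Review bot: With the `SOURCE_DISTRIBUTION` reference added to `test_create_component`, the visible test no longer covers a component that has only a website reference. The behaviour this commit changes is therefore not pinned: no `sourceCodeDownloadurl` is sent when the source URL is missing, and the website is no longer used as a fallback. A second case that omits the `SOURCE_DISTRIBUTION` reference and asserts the key is absent from the posted release body would cover it. The test body continues outside these hunks, and such a case may already exist elsewhere in the file.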