Merge pull request #152 from siemens/Develop_3_18_24

Release v6.2.0

CA.nuspec

@@ -4,7 +4,7 @@
 <package >
   <metadata>
     <id>continuous-clearing</id>
-    <version>6.1.0</version>
+    <version>6.2.0</version>
     <authors>Siemens AG</authors>
     <owners>continuous-clearing contributors</owners>
     <projectUrl>https://github.com/siemens/continuous-clearing</projectUrl>
@@ -17,7 +17,7 @@
       for clearing license
     </description>
     <releaseNotes></releaseNotes>
-    <copyright>Copyright 2023</copyright>
+    <copyright>Copyright 2024</copyright>
     <tags>ClearingTool SW360 OSS Clearing Software Continuous-Clearing NPM NUGET DEBIAN MAVEN PYTHON SBOM</tags>
   </metadata>
 

TestFiles/IntegrationTestFiles/ArtifactoryUploaderTestData/NugetComparisonBOM.json

@@ -42,23 +42,23 @@
       "Components": null,
       "Properties": [
         {
-          "Name": "internal",
+          "Name": "internal:siemens:clearing:development",
           "Value": "false"
         },
         {
-          "Name": "ArtifactoryRepoName",
+          "Name": "internal:siemens:clearing:repo-name",
           "Value": "siparty-release-nuget-egll"
         },
         {
-          "Name": "ProjectType",
+          "Name": "internal:siemens:clearing:project-type",
           "Value": "NUGET"
         },
         {
-          "Name": "ApprovedStatus",
+          "Name": "internal:siemens:clearing:clearing-state",
           "Value": "APPROVED"
         },
         {
-          "Name": "ReleaseLink",
+          "Name": "internal:siemens:clearing:sw360:release-url",
           "Value": "http://localhost:8090/resource/api/releases/48fe0619e8f64cc3a5c1563bf15e6240"
         }
       ],
@@ -87,23 +87,23 @@
       "Components": null,
       "Properties": [
         {
-          "Name": "internal",
+          "Name": "internal:siemens:clearing:development",
           "Value": "false"
         },
         {
-          "Name": "ArtifactoryRepoName",
+          "Name": "internal:siemens:clearing:repo-name",
           "Value": "siparty-release-nuget-egll"
         },
         {
-          "Name": "ProjectType",
+          "Name": "internal:siemens:clearing:project-type",
           "Value": "NUGET"
         },
         {
-          "Name": "ApprovedStatus",
+          "Name": "internal:siemens:clearing:clearing-state",
           "Value": "Not Available"
         },
         {
-          "Name": "ReleaseLink",
+          "Name": "internal:siemens:clearing:sw360:release-url",
           "Value": "http://localhost:8090/resource/api/releases/eb5f54a94a544138a86bc423d66a4bb1"
         }
       ],

doc/UsageDoc/CA_UsageDocument.md

@@ -207,36 +207,20 @@ Currently LTA support is not provided for SBOM, hence until that is implemented
           * Input file repository should contain **conan.lock** file. 
 		  
 
-      - **Project Type :**  **Debian** 
+      - **Project Type :**  **Debian & Alpine** 
        
    	      **Note** : below steps is required only if you have `tar` file to process , otherwise you can keep `CycloneDx.json` file in the InputDirectory.
           *  Create `InputImage` directory for keeping `tar` images and `InputDirectory` for resulted file storing .
 
           *  Run the command given below by replacing the place holder values (i.e., path to input image directory, path to input directory and file name of the Debian image to be cleared) with actual values.
             
-              **Example**:   `docker run --rm -v <path/to/InputImageDirectory>:/tmp/InputImages -v <path/to/InputDirectory>:/tmp/OutputFiles ghcr.io/siemens/continuous-clearing ./syft packages /tmp/InputImages/<fileNameofthedebianImageTobeCleared.tar> -o cyclonedx-json --file "/tmp/OutputFiles/output.json"`
+              **Example**:   `docker run --rm -v <path/to/InputImageDirectory>:/tmp/InputImages -v <path/to/InputDirectory>:/tmp/OutputFiles ghcr.io/siemens/continuous-clearing ./syft packages /tmp/InputImages/<fileNameoftheImageTobeCleared.tar> -o cyclonedx-json --file "/tmp/OutputFiles/output.json"`
            
            
              After successful execution, `output.json` (_CycloneDX.json_) file will be created in specified directory
            
              ![image.png](../usagedocimg/output.PNG)
            
-             Resulted `output.json` file will be having the list of installed packages  and the same file will be used as  an input to `Continuous clearing tool - Bom creator` as an argument(`--packagefilepath`). The remaining process is same as other project types.
-      - **Project Type :**  **Alpine** 
-
-   	      **Note** : below steps is required only if you have `tar` file to process , otherwise you can keep `CycloneDx.json` file in the InputDirectory.
-   	`       
-          *  Create `InputImage` directory for keeping `tar` images and `InputDirectory` for resulted file storing .
-
-          *  Run the command given below by replacing the place holder values (i.e., path to input image directory, path to input directory and file name of the Alpine image to be cleared) with actual values.
-
-              **Example**:   `docker run --rm -v <path/to/InputImageDirectory>:/tmp/InputImages -v <path/to/InputDirectory>:/tmp/OutputFiles ghcr.io/siemens/continuous-clearing ./syft packages /tmp/InputImages/<fileNameoftheAlpineImageTobeCleared.tar> -o cyclonedx-json --file "/tmp/OutputFiles/output.json"`
-
-
-             After successful execution, `output.json` (_CycloneDX.json_) file will be created in specified directory
-
-             ![image.png](../usagedocimg/output.PNG)
-
              Resulted `output.json` file will be having the list of installed packages  and the same file will be used as  an input to `Continuous clearing tool - Bom creator` as an argument(`--packagefilepath`). The remaining process is same as other project types.
 
 ### **Configuring the Continuous Clearing Tool**
@@ -253,7 +237,7 @@ Currently LTA support is not provided for SBOM, hence until that is implemented
 
 ```
 {
-  "CaVersion": "4.0.0",
+  "CaVersion": "6.2.0",
   "TimeOut": 200,
   "ProjectType": "<Insert ProjectType>",
   "SW360ProjectName": "<Insert SW360 Project Name>",
@@ -409,7 +393,8 @@ You can also pass the above mentioned arguments in the command line.
 
   Incase if you want to exclude a single component of the format _"@group/componentname"_ `eg : @angular/common` specify it as _"@group/componentname:version"_ i.e `@angular/common:4.2.6`
 
-  If multiple versions has to be excluded of the same component specify it as _"@group/componentname:*"_ i.e `@angular/common:*`
+  If multiple versions has to be excluded of the same component, specify it as _"@group/componentname:*"_ i.e `@angular/common:*`
+  If multiple Component has to be excluded along with version, specify it as _"@group/componentname*:*"_ i.e `@angular/comm*:*`
 
   In order to **Exclude specific folders** from the execution, It can be specified under the **Exclude section** of that specific **package type**.
 
@@ -563,4 +548,4 @@ For reporting any bug or enhancement and for your feedbacks click [here](https:/
 - SW360 API Guide : [https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/](https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/)
 - FOSSology API Guide: [https://www.fossology.org/get-started/basic-rest-api-calls/](https://www.fossology.org/get-started/basic-rest-api-calls/)
 
-Copyright © Siemens AG ▪ 2023
+Copyright © Siemens AG ▪ 2024

src/AritfactoryUploader.UTest/ArtifactoryUploaderTest.cs

@@ -21,6 +21,7 @@
 using LCT.Services.Interface;
 using LCT.Services;
 using UnitTestUtilities;
+using LCT.ArtifactoryUploader.Model;
 
 namespace AritfactoryUploader.UTest
 {
@@ -42,6 +43,7 @@ public async Task UploadPackageToRepo_InputEmptyCreds_ReturnsPackgeNotFound()
                 JFrogApi = UTParams.JFrogURL
             };
             ArtfactoryUploader.jFrogService = GetJfrogService(appSettings);
+            DisplayPackagesInfo displayPackagesInfo = PackageUploadHelper.GetComponentsToBePackages();
             var componentsToArtifactory = new ComponentsToArtifactory
             {
                 Name = "html5lib",
@@ -63,7 +65,7 @@ public async Task UploadPackageToRepo_InputEmptyCreds_ReturnsPackgeNotFound()
             };
 
             //Act
-            var responseMessage = await ArtfactoryUploader.UploadPackageToRepo(componentsToArtifactory, 100);
+            var responseMessage = await ArtfactoryUploader.UploadPackageToRepo(componentsToArtifactory, 100, displayPackagesInfo);
             Assert.AreEqual(HttpStatusCode.NotFound, responseMessage.StatusCode);
             Assert.AreEqual("Package Not Found", responseMessage.ReasonPhrase);
 

src/AritfactoryUploader.UTest/PackageUploadHelperTest.cs

@@ -16,6 +16,7 @@
 using UnitTestUtilities;
 using System.Threading.Tasks;
 using System.Linq;
+using LCT.ArtifactoryUploader.Model;
 
 namespace AritfactoryUploader.UTest
 {
@@ -64,6 +65,7 @@ public async Task GetComponentsToBeUploadedToArtifactory_GivenFewApprovedCompone
             List<Component> componentLists = GetComponentList();
             string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location;
             string outFolder = Path.GetDirectoryName(exePath);
+            DisplayPackagesInfo displayPackagesInfo = PackageUploadHelper.GetComponentsToBePackages();
             CommonAppSettings appSettings = new CommonAppSettings()
             {
                 ArtifactoryUploadApiKey = "wfwfwfwfwegwgweg",
@@ -76,7 +78,7 @@ public async Task GetComponentsToBeUploadedToArtifactory_GivenFewApprovedCompone
             };
 
             //Act
-            List<ComponentsToArtifactory> uploadList = await PackageUploadHelper.GetComponentsToBeUploadedToArtifactory(componentLists, appSettings);
+            List<ComponentsToArtifactory> uploadList = await PackageUploadHelper.GetComponentsToBeUploadedToArtifactory(componentLists, appSettings, displayPackagesInfo);
             // Assert
             Assert.That(3, Is.EqualTo(uploadList.Count), "Checks for 2  no of components to upload");
         }
@@ -87,6 +89,7 @@ public async Task GetComponentsToBeUploadedToArtifactory_GivenAllApprovedCompone
         {
             //Arrange
             List<Component> componentLists = GetComponentList();
+            DisplayPackagesInfo displayPackagesInfo = PackageUploadHelper.GetComponentsToBePackages();
             foreach (var component in componentLists)
             {
                 if (component.Name == "@angular/core")
@@ -108,7 +111,7 @@ public async Task GetComponentsToBeUploadedToArtifactory_GivenAllApprovedCompone
             };
 
             //Act
-            List<ComponentsToArtifactory> uploadList = await PackageUploadHelper.GetComponentsToBeUploadedToArtifactory(componentLists, appSettings);
+            List<ComponentsToArtifactory> uploadList = await PackageUploadHelper.GetComponentsToBeUploadedToArtifactory(componentLists, appSettings, displayPackagesInfo);
 
             // Assert
             Assert.That(4, Is.EqualTo(uploadList.Count), "Checks for 3 no of components to upload");
@@ -119,6 +122,7 @@ public async Task GetComponentsToBeUploadedToArtifactory_GivenNotApprovedCompone
         {
             //Arrange
             List<Component> componentLists = GetComponentList();
+            DisplayPackagesInfo displayPackagesInfo = PackageUploadHelper.GetComponentsToBePackages();
             foreach (var component in componentLists)
             {
                 component.Properties[1].Value = "NEW_CLEARING";
@@ -136,7 +140,7 @@ public async Task GetComponentsToBeUploadedToArtifactory_GivenNotApprovedCompone
             };
 
             //Act
-            List<ComponentsToArtifactory> uploadList =await PackageUploadHelper.GetComponentsToBeUploadedToArtifactory(componentLists, appSettings);
+            List<ComponentsToArtifactory> uploadList =await PackageUploadHelper.GetComponentsToBeUploadedToArtifactory(componentLists, appSettings, displayPackagesInfo);
 
             // Assert
             Assert.That(0, Is.EqualTo(uploadList.Count), "Checks for components to upload to be zero");

src/AritfactoryUploader.UTest/PackageUploaderTest.cs

@@ -20,6 +20,10 @@
 using LCT.Facade.Interfaces;
 using LCT.Facade;
 using LCT.Services;
+using CycloneDX.Models;
+using LCT.Common.Constants;
+using LCT.Common.Model;
+using System.Collections.Generic;
 
 namespace AritfactoryUploader.UTest
 {
@@ -69,6 +73,89 @@ public async Task UploadPackageToArtifactory_GivenAppsettings()
             Assert.That(2, Is.EqualTo(PackageUploader.uploaderKpiData.PackagesNotUploadedDueToError), "Checks for no of components not uploaded due to error");
         }
 
+        [Test]
+        public void DisplayAllSettings_GivenListOfComponents_ReturnPackageSettings()
+        {
+            //Arrange
+            CommonAppSettings CommonAppSettings = new CommonAppSettings()
+            {
+
+                JFrogApi = UTParams.JFrogURL,
+                Npm = new Config
+                {
+                    JfrogThirdPartyDestRepoName = "npm-test",
+                    JfrogDevDestRepoName = "npm-test",
+                    JfrogInternalDestRepoName = "npm-test",
+                    Include = { },
+                    Exclude = { },
+                },
+                Conan = new Config
+                {
+                    JfrogThirdPartyDestRepoName = "conan-test",
+                    JfrogDevDestRepoName = "conan-test",
+                    JfrogInternalDestRepoName = "conan-test",
+                    Include = { },
+                    Exclude = { },
+                },
+                Nuget = new Config
+                {
+                    JfrogThirdPartyDestRepoName = "nuget-test",
+                    JfrogDevDestRepoName = "nuget-test",
+                    JfrogInternalDestRepoName = "nuget-test",
+                    Include = { },
+                    Exclude = { },
+                },
+                Python = new Config
+                {
+                    JfrogThirdPartyDestRepoName = "python-test",
+                    JfrogDevDestRepoName = "python-test",
+                    JfrogInternalDestRepoName = "python-test",
+                    Include = { },
+                    Exclude = { },
+                },
+                Maven = new Config
+                {
+                    JfrogThirdPartyDestRepoName = "maven-test",
+                    JfrogDevDestRepoName = "maven-test",
+                    JfrogInternalDestRepoName = "maven-test",
+                    Include = { },
+                    Exclude = { },
+                },
+                Debian = new Config
+                {
+                    JfrogThirdPartyDestRepoName = "debian-test",
+                    JfrogDevDestRepoName = "debian-test",
+                    JfrogInternalDestRepoName = "debian-test",
+                    Include = { },
+                    Exclude = { },
+                },
+                TimeOut = 100,
+                Release = false
+            };
+            List<Component> m_ComponentsInBOM = new()
+            {
+                new Component {
+                Name="test",
+                Version="1.0.0",
+                Properties=new List<Property>()
+                {
+                new Property{Name=Dataconstant.Cdx_ProjectType,Value="NPM"},
+                new Property{Name=Dataconstant.Cdx_ProjectType,Value="CONAN"},
+                new Property{Name=Dataconstant.Cdx_ProjectType,Value="NUGET"},
+                new Property{Name=Dataconstant.Cdx_ProjectType,Value="MAVEN"},
+                new Property{Name=Dataconstant.Cdx_ProjectType,Value="DEBIAN"},
+                new Property{Name=Dataconstant.Cdx_ProjectType,Value="PYTHON"}
+                }
+            }
+            };
+            //Act
+            PackageUploader.DisplayAllSettings(m_ComponentsInBOM, CommonAppSettings);
+
+            //Assert
+            Assert.IsTrue(true);
+        }
+
+
 
         private static IJFrogService GetJfrogService(CommonAppSettings appSettings)
         {

src/ArtifactoryUploader/ArtifactoryUploader.cs

@@ -8,6 +8,7 @@
 using LCT.APICommunications.Interfaces;
 using LCT.APICommunications.Model;
 using LCT.APICommunications.Model.AQL;
+using LCT.ArtifactoryUploader.Model;
 using LCT.Services.Interface;
 using log4net;
 using System;
@@ -28,7 +29,7 @@ public static class ArtfactoryUploader
         private static string srcRepoName = Environment.GetEnvironmentVariable("JfrogSrcRepo");
         public static IJFrogService jFrogService { get; set; }
 
-        public static async Task<HttpResponseMessage> UploadPackageToRepo(ComponentsToArtifactory component, int timeout)
+        public static async Task<HttpResponseMessage> UploadPackageToRepo(ComponentsToArtifactory component, int timeout, DisplayPackagesInfo displayPackagesInfo)
         {
             Logger.Debug("Starting UploadPackageToArtifactory method");
             string operationType = component.PackageType == PackageType.ClearedThirdParty || component.PackageType == PackageType.Development ? "copy" : "move";
@@ -77,8 +78,7 @@ public static async Task<HttpResponseMessage> UploadPackageToRepo(ComponentsToAr
                     return responsemessage;
                 }
 
-                Logger.Info($"Successful{dryRunSuffix} {operationType} package {component.PackageName}-{component.Version}" +
-                                    $" from {component.SrcRepoName} to {component.DestRepoName}");
+                await PackageUploadHelper.JfrogFoundPackagesAsync(component, displayPackagesInfo, operationType, responsemessage, dryRunSuffix);
 
             }
             catch (HttpRequestException ex)

src/ArtifactoryUploader/ArtifactoryValidator.cs

@@ -14,13 +14,12 @@
 using System.Reflection;
 using System.Threading.Tasks;
 using System.Net;
+using System;
 
 namespace LCT.ArtifactoryUploader
 {
     public class ArtifactoryValidator
     {
-        static readonly ILog Logger = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
-
         private readonly NpmJfrogApiCommunication JfrogApiCommunication;
 
         public ArtifactoryValidator(NpmJfrogApiCommunication jfrogApiCommunication)
@@ -30,13 +29,18 @@ public ArtifactoryValidator(NpmJfrogApiCommunication jfrogApiCommunication)
 
         public async Task ValidateArtifactoryCredentials(CommonAppSettings appSettings)
         {
-            HttpResponseMessage responseMessage = await JfrogApiCommunication.GetApiKey();
-
-            if (responseMessage.StatusCode != HttpStatusCode.OK)
+            HttpResponseMessage responseMessage = new HttpResponseMessage();
+            try
+            {
+                responseMessage = await JfrogApiCommunication.GetApiKey();
+                responseMessage.EnsureSuccessStatusCode();
+            }
+            catch(HttpRequestException ex)
             {
-                Logger.Error("Artifactory Token entered is invalid!");
-                throw new InvalidDataException($"Invalid Artifactory Token");
+                ExceptionHandling.HttpException(ex,responseMessage, "Artifactory");
+                Environment.Exit(-1);
             }
+
         }
     }
 }