Merge pull request #64 from macblazer/59-improve-stability-of-BOM-output

Improve stability of bom output
CycloneDX · Jan 6, 2024 · bd31b91 · bd31b91
2 parents 8372b54 + d76b178
commit bd31b91
Show file tree

Hide file tree

Showing 5 changed files with 142 additions and 59 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -17,6 +17,18 @@
 # Copyright (c) OWASP Foundation. All Rights Reserved.
 #
 
+inherit_mode:
+  # Keep the default excluded file paths, and we will exclude more paths
+  merge:
+    - Exclude
+
 AllCops:
   TargetRubyVersion: 2.4.0
   NewCops: enable
+  # Completely ignore test fixture files
+  Exclude:
+    - 'spec/fixtures/**/*'
+
+# Allow RSpec files to have long blocks for the tests.
+Metrics/BlockLength:
+  AllowedMethods: ['describe', 'context', 'shared_examples']
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.0]
+
+### Added
+- Includes dependency relationship information for each of the components. ([Issue #58](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/58)) [@fnxpt](https://github.com/fnxpt).
+
+### Changed
+- Components and dependencies are output in alphabetically sorted order by `purl` to increase reproducability of BOM generation. ([Issue #59](https://github.com/CycloneDX/cyclonedx-cocoapods/issues/59)) [@macblazer](https://github.com/macblazer).
+
 ## [1.1.2]
 
 ### Changed

diff --git a/lib/cyclonedx/cocoapods/bom_builder.rb b/lib/cyclonedx/cocoapods/bom_builder.rb
@@ -123,9 +123,9 @@ class BOMBuilder
       attr_reader :component, :pods, :dependencies
 
       def initialize(pods:, component: nil, dependencies: nil)
-        @pods = pods
+        @pods = pods.sort_by(&:purl)
         @component = component
-        @dependencies = dependencies
+        @dependencies = dependencies&.sort
       end
 
       def bom(version: 1)
@@ -152,7 +152,7 @@ def bom(version: 1)
       def bom_dependencies(xml, dependencies)
         dependencies&.each do |key, array|
           xml.dependency(ref: key) do
-            array.each do |value|
+            array.sort.each do |value|
               xml.dependency(ref: value)
             end
           end

diff --git a/lib/cyclonedx/cocoapods/version.rb b/lib/cyclonedx/cocoapods/version.rb
@@ -21,6 +21,6 @@
 
 module CycloneDX
   module CocoaPods
-    VERSION = '1.1.2'
+    VERSION = '1.2.0'
   end
 end