@cyclonedx/bom:^3.8 & node >= 12.0.0 & tests

fixes #50

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

.github/workflows/nodejs.yml

@@ -14,8 +14,8 @@ env:
   NODE_ACTIVE_LTS: "16"
 
 jobs:
-  unit-test:
-    name: UnitTest (node${{ matrix.node-version }}, ${{ matrix.os }})
+  test-jest:
+    name: test:Jest (node${{ matrix.node-version }}, ${{ matrix.os }})
     timeout-minutes: 30
     runs-on: ${{ matrix.os }}
     strategy:
@@ -29,8 +29,7 @@ jobs:
           - "16"      # active LTS
           - "14"
           - "12"
-          - "10"
-          - "8"       # lowest supported
+          - "12.0.0"  # lowest supported
     env:
       REPORTS_ARTIFACT: tests-reports
     steps:
@@ -42,13 +41,17 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
-          cache: "npm"
-          cache-dependency-path: "**/package-lock.json"
-      - name: display node version
-        run: node --version
+        #  cache: "npm"
+        #  cache-dependency-path: "**/package-lock.json"
+      - name: display version
+        run: |-
+          node --version
+          npm --version
       - name: install project
         run: npm ci
       - name: build
         run: npm run build --if-present
-      - name: run tests
-        run: npm test --if-present
+      - name: set up tests
+        run: npm run setup-tests
+      - name: test
+        run: npm run test:jest

.gitignore

@@ -2,6 +2,8 @@
 /CI_reports/
 /release_assets/
 
+*.cache
+
 ## taken from https://github.com/github/gitignore/blob/main/Node.gitignore
 
 # Logs

.lift.toml

@@ -0,0 +1,6 @@
+# Lift config. See:
+# https://help.sonatype.com/lift/configuring-lift
+
+ignoreFiles = """
+tests/integration/*/
+"""

CONTRIBUTING.md

@@ -0,0 +1,33 @@
+# Contributing
+
+Pull requests are welcome.
+But please read the
+[CycloneDX contributing guidelines](https://github.com/CycloneDX/.github/blob/master/CONTRIBUTING.md)
+first.
+
+## Setup
+
+To start developing simply run `npm ci` to install dev-dependencies and tools.
+
+## Testing
+
+Set up the tests once, via:
+
+```shell
+npm run setup-tests
+```
+
+Run to have a proper test suite pass:
+
+```shell
+npm test
+```
+
+## Sign your commits
+
+Please sign your commits,
+to show that you agree to publish your changes under the current terms and licenses of the project.
+
+```shell
+git commit --signed-off ...
+```

HISTORY.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 ## unreleased
 
+* Changed
+  * Requires node `>= 12.0.0` now, was `8.0.0`. (via [#287])
+  * Requires `@cyclonedx/bom` `^3.8.0` now, was `^3.1.1`. (via [#287])
+* Misc
+  * Added reproducible test environments for unit an integration tests. (via [#51]) 
+
+[#51]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/51
+
 ## 1.0.2 - 2922-04-22
 
 * Fixed

README.md

@@ -7,36 +7,37 @@ https://img.shields.io/npm/v/@cyclonedx/webpack-plugin)](https://www.npmjs.com/p
 [![Group Discussion](https://img.shields.io/badge/discussion-groups.io-blue.svg)](https://groups.io/g/CycloneDX)
 [![Twitter](https://img.shields.io/twitter/url/http/shields.io.svg?style=social&label=Follow)](https://twitter.com/CycloneDX_Spec)
 
-CycloneDX Webpack Plugin
-=========
+# CycloneDX Webpack Plugin
 
 The CycloneDX plugin for Webpack creates a valid CycloneDX Software Bill of Materials (SBOM) containing an aggregate of 
 all bundled dependencies. This plugin uses the linkages generated by webpack to create a dependency graph which only 
 contain the dependencies that are actually used. 
 
-Requirements
--------------------
-- Node.js v8.0.0 or higher
+## Requirements
+- Node.js v12.0.0 or higher
 - Webpack v4.0.0 or higher
 
-Usage
--------------------
+However, there are older versions of this plugin, that support
+- Node.js v8.0.0 or higher
+- Webpack v4.0.0 or higher
 
-#### Installing
+## Installing
 
-```bash
+```shell
 npm i -D @cyclonedx/webpack-plugin
 ```
 
+## Usage
+
+### Example
 
-#### Example
 In your [webpack config](https://webpack.js.org/configuration/) add the CycloneDX plugin:
-```js
+
+```javascript
 const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin');
 
 module.exports = {
-  ...
-
+  // ...
   plugins: [
     new CycloneDxWebpackPlugin({
       context: '../',
@@ -46,7 +47,8 @@ module.exports = {
 };
 ```
 
-#### Support for IETF /.well-known/sbom
+### Support for IETF /.well-known/sbom
+
 The CycloneDX Webpack plugin supports placing the CycloneDX SBOM in a pre-defined location, specifically in
 `/.well-known/sbom`. This option is enabled by default. The behavior can be changed by overriding the values 
 of `includeWellknown` and `wellknownLocation`.
@@ -55,12 +57,12 @@ See [draft-lear-opsawg-sbom-access](https://datatracker.ietf.org/doc/html/draft-
 information on the specification, currently an IETF draft.
 
 In your [webpack config](https://webpack.js.org/configuration/) add the CycloneDX plugin:
-```js
+
+```javascript
 const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin');
 
 module.exports = {
-  ...
-
+  // ...
   plugins: [
     new CycloneDxWebpackPlugin({
       context: '../',
@@ -72,8 +74,7 @@ module.exports = {
 };
 ```
 
-License
--------------------
+## License
 
 Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE] file for the full license.
 

jest.config.js

@@ -0,0 +1,197 @@
+/*
+ * For a detailed explanation regarding each configuration property, visit:
+ * https://jestjs.io/docs/configuration
+ */
+
+module.exports = {
+  // All imported modules in your tests should be mocked automatically
+  // automock: false,
+
+  // Stop running tests after `n` failures
+  // bail: 0,
+
+  // The directory where Jest should store its cached dependency information
+  cacheDirectory: ".jest.cache",
+
+  // Automatically clear mock calls, instances and results before every test
+  clearMocks: true,
+
+  // Indicates whether the coverage information should be collected while executing the test
+  collectCoverage: true,
+
+  // An array of glob patterns indicating a set of files for which coverage information should be collected
+  // collectCoverageFrom: undefined,
+
+  // The directory where Jest should output its coverage files
+  coverageDirectory: "reports/jest/coverage",
+
+  // An array of regexp pattern strings used to skip coverage collection
+  // coveragePathIgnorePatterns: [
+  //   "/node_modules/"
+  // ],
+
+  // Indicates which provider should be used to instrument code for coverage
+  coverageProvider: "v8",
+
+  // A list of reporter names that Jest uses when writing coverage reports
+  // coverageReporters: [
+  //   "json",
+  //   "text",
+  //   "lcov",
+  //   "clover"
+  // ],
+
+  // An object that configures minimum threshold enforcement for coverage results
+  // coverageThreshold: undefined,
+
+  // A path to a custom dependency extractor
+  // dependencyExtractor: undefined,
+
+  // Make calling deprecated APIs throw helpful error messages
+  // errorOnDeprecated: false,
+
+  // Force coverage collection from ignored files using an array of glob patterns
+  // forceCoverageMatch: [],
+
+  // A path to a module which exports an async function that is triggered once before all test suites
+  // globalSetup: undefined,
+
+  // A path to a module which exports an async function that is triggered once after all test suites
+  // globalTeardown: undefined,
+
+  // A set of global variables that need to be available in all test environments
+  // globals: {},
+
+  // The maximum amount of workers used to run your tests. Can be specified as % or a number. E.g. maxWorkers: 10% will use 10% of your CPU amount + 1 as the maximum worker number. maxWorkers: 2 will use a maximum of 2 workers.
+  // maxWorkers: "50%",
+
+  // An array of directory names to be searched recursively up from the requiring module's location
+  // moduleDirectories: [
+  //   "node_modules"
+  // ],
+
+  // An array of file extensions your modules use
+  // moduleFileExtensions: [
+  //   "js",
+  //   "jsx",
+  //   "ts",
+  //   "tsx",
+  //   "json",
+  //   "node"
+  // ],
+
+  // A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module
+  // moduleNameMapper: {},
+
+  // An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
+  // modulePathIgnorePatterns: [],
+
+  // Activates notifications for test results
+  // notify: false,
+
+  // An enum that specifies notification mode. Requires { notify: true }
+  // notifyMode: "failure-change",
+
+  // A preset that is used as a base for Jest's configuration
+  // preset: undefined,
+
+  // Run tests from one or more projects
+  // projects: undefined,
+
+  // Use this configuration option to add custom reporters to Jest
+  reporters: [
+    "default",
+    "jest-junit"
+  ],
+
+  // Automatically reset mock state before every test
+  // resetMocks: false,
+
+  // Reset the module registry before running each individual test
+  // resetModules: false,
+
+  // A path to a custom resolver
+  // resolver: undefined,
+
+  // Automatically restore mock state and implementation before every test
+  // restoreMocks: false,
+
+  // The root directory that Jest should scan for tests and modules within
+  // rootDir: undefined,
+
+  // A list of paths to directories that Jest should use to search for files in
+  roots: [
+     "<rootDir>/tests"
+  ],
+
+  // Allows you to use a custom runner instead of Jest's default test runner
+  // runner: "jest-runner",
+
+  // The paths to modules that run some code to configure or set up the testing environment before each test
+  // setupFiles: [],
+
+  // A list of paths to modules that run some code to configure or set up the testing framework before each test
+  // setupFilesAfterEnv: [],
+
+  // The number of seconds after which a test is considered as slow and reported as such in the results.
+  // slowTestThreshold: 5,
+
+  // A list of paths to snapshot serializer modules Jest should use for snapshot testing
+  // snapshotSerializers: [],
+
+  // The test environment that will be used for testing
+  // testEnvironment: "jest-environment-node",
+
+  // Options that will be passed to the testEnvironment
+  // testEnvironmentOptions: {},
+
+  // Adds a location field to test results
+  // testLocationInResults: false,
+
+  // The glob patterns Jest uses to detect test files
+  testMatch: [
+  //    "**/__tests__/**/*.[jt]s?(x)",
+     "**/?(*.)+(spec|test).js"
+  ],
+
+  // An array of regexp pattern strings that are matched against all test paths, matched tests are skipped
+  // testPathIgnorePatterns: [
+  //   "/node_modules/"
+  // ],
+
+  // The regexp pattern or array of patterns that Jest uses to detect test files
+  // testRegex: [],
+
+  // This option allows the use of a custom results processor
+  // testResultsProcessor: undefined,
+
+  // This option allows use of a custom test runner
+  // testRunner: "jest-circus/runner",
+
+  // This option sets the URL for the jsdom environment. It is reflected in properties such as location.href
+  // testURL: "http://localhost",
+
+  // Setting this value to "fake" allows the use of fake timers for functions such as "setTimeout"
+  // timers: "real",
+
+  // A map from regular expressions to paths to transformers
+  // transform: undefined,
+
+  // An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation
+  // transformIgnorePatterns: [
+  //   "/node_modules/",
+  //   "\\.pnp\\.[^\\/]+$"
+  // ],
+
+  // An array of regexp pattern strings that are matched against all modules before the module loader will automatically return a mock for them
+  // unmockedModulePathPatterns: undefined,
+
+  // Indicates whether each individual test should be reported during the run
+  // verbose: undefined,
+
+  // An array of regexp patterns that are matched against all source file paths before re-running tests in watch mode
+  // watchPathIgnorePatterns: [],
+
+  // Whether to use watchman for file crawling
+  // watchman: true,
+};