Merge pull request #174 from interlynk-io/fix/issue-173

[NO-TKT] semver comparison to ensure available tag is higher
interlynk-io · Jul 13, 2023 · 6744ad2 · 6744ad2
2 parents 9544ac8 + 9520de2
commit 6744ad2
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 17 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM golang:1.20-alpine AS builder
 LABEL org.opencontainers.image.source="https://github.com/interlynk-io/sbomqs"
 
-RUN apk add --no-cache make
+RUN apk add --no-cache make git
 WORKDIR /app
 COPY go.mod go.sum ./
 RUN go mod download

diff --git a/cmd/root.go b/cmd/root.go
@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/Masterminds/semver/v3"
 	"github.com/google/go-github/v52/github"
 	"github.com/spf13/cobra"
 	version "sigs.k8s.io/release-utils/version"
@@ -27,10 +28,10 @@ import (
 var rootCmd = &cobra.Command{
 	Use:   "sbomqs",
 	Short: "sbomqs application provides sbom quality scores.",
-	Long: `SBOM Quality Score (sbomqs) is a standardized metric to 
-produce a calculated score that represents a level of “quality” 
-when using an SBOM. The sbomqs is intended to help customers make 
-an assessment of a SBOM acceptance risk based on their personal risk tolerance.  
+	Long: `SBOM Quality Score (sbomqs) is a standardized metric to
+produce a calculated score that represents a level of “quality”
+when using an SBOM. The sbomqs is intended to help customers make
+an assessment of a SBOM acceptance risk based on their personal risk tolerance.
 `,
 }
 
@@ -63,7 +64,18 @@ func checkIfLatestRelease() {
 		return
 	}
 
-	if rr.GetTagName() != version.GetVersionInfo().GitVersion {
+	verLatest, err := semver.NewVersion(version.GetVersionInfo().GitVersion)
+	if err != nil {
+		return
+	}
+
+	verInstalled, err := semver.NewVersion(rr.GetTagName())
+	if err != nil {
+		return
+	}
+
+	result := verInstalled.Compare(verLatest)
+	if result < 0 {
 		fmt.Printf("\nA new version of sbomqs is available %s.\n\n", rr.GetTagName())
 	}
 }
diff --git a/cmd/score.go b/cmd/score.go
@@ -49,10 +49,6 @@ type userCmd struct {
 	basic    bool
 	detailed bool
 
-	//spec control
-	spdx bool
-	cdx  bool
-
 	//directory control
 	recurse bool
 
@@ -143,13 +139,6 @@ func toUserCmd(cmd *cobra.Command, args []string) *userCmd {
 		uCmd.detailed = strings.ToLower(reportFormat) == "detailed"
 	}
 
-	//spec control
-	// uCmd.spdx, _ = cmd.Flags().GetBool("spdx")
-	// uCmd.cdx, _ = cmd.Flags().GetBool("cdx")
-
-	//directory control
-	//uCmd.recurse, _ = cmd.Flags().GetBool("recurse")
-
 	//debug control
 	uCmd.debug, _ = cmd.Flags().GetBool("debug")
 

diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.19
 require (
 	github.com/CycloneDX/cyclonedx-go v0.7.1
 	github.com/DependencyTrack/client-go v0.11.0
+	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/google/go-github/v52 v52.0.0
 	github.com/google/uuid v1.3.0
 	github.com/maxbrunsfeld/counterfeiter/v6 v6.6.2

diff --git a/go.sum b/go.sum
@@ -2,6 +2,8 @@ github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/Kf
 github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps=
 github.com/DependencyTrack/client-go v0.11.0 h1:1g+eHC8nJyIzi68zcs+dr3OHRvS1aC+4Uy3YKA0JJhc=
 github.com/DependencyTrack/client-go v0.11.0/go.mod h1:XLZnOksOs56Svq+K4xmBkN8U97gpP7r1BkhCc/xA8Iw=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 h1:JMDGhoQvXNTqH6Y3MC0IUw6tcZvaUdujNqzK2HYWZc8=
 github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=