From 54986f243c3bdfb15e56afb4848fd98e6e246362 Mon Sep 17 00:00:00 2001
From: Surendra Pathak
Date: Wed, 12 Jul 2023 23:28:02 -0700
Subject: [PATCH 1/2] [NO-TKT] semver comparison to ensure available tag is higher
---
 cmd/root.go | 22 +++++++++++++++++-----
 cmd/score.go | 11 -----------
 go.mod | 1 +
 go.sum | 2 ++
 4 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index 1cf52e9..40c5210 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -18,6 +18,7 @@ import (
 "fmt"
 "os"
+ "github.com/Masterminds/semver/v3"
 "github.com/google/go-github/v52/github"
 "github.com/spf13/cobra"
 version "sigs.k8s.io/release-utils/version"
@@ -27,10 +28,10 @@ import (
 var rootCmd = &cobra.Command{
 Use: "sbomqs",
 Short: "sbomqs application provides sbom quality scores.",
- Long: `SBOM Quality Score (sbomqs) is a standardized metric to
-produce a calculated score that represents a level of “quality”
-when using an SBOM. The sbomqs is intended to help customers make
-an assessment of a SBOM acceptance risk based on their personal risk tolerance.
+ Long: `SBOM Quality Score (sbomqs) is a standardized metric to
+produce a calculated score that represents a level of “quality”
+when using an SBOM. The sbomqs is intended to help customers make
+an assessment of a SBOM acceptance risk based on their personal risk tolerance.
 `,
 }
@@ -63,7 +64,18 @@ func checkIfLatestRelease() {
 return
 }
- if rr.GetTagName() != version.GetVersionInfo().GitVersion {
+ verLatest, err := semver.NewVersion(version.GetVersionInfo().GitVersion)
+ if err != nil {
+ return
+ }
+
+ verInstalled, err := semver.NewVersion(rr.GetTagName())
+ if err != nil {
+ return
+ }
+
+ result := verInstalled.Compare(verLatest)
+ if result < 0 {
 fmt.Printf("\nA new version of sbomqs is available %s.\n\n", rr.GetTagName())
 }
 }
diff --git a/cmd/score.go b/cmd/score.go
index 94d6625..c23418f 100644
--- a/cmd/score.go
+++ b/cmd/score.go
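Review bot: The comparison added to checkIfLatestRelease in cmd/root.go is inverted, and the two names are swapped: `verLatest` holds the running binary's `version.GetVersionInfo().GitVersion`, while `verInstalled` holds the release tag from `rr.GetTagName()`. `verInstalled.Compare(verLatest) < 0` is therefore true only when the published release is older than the running build, so an outdated binary never prints the notice and its user is not told about a newer release, including one that carries security fixes. I would name the values for what they hold and test the other direction: `installed, err := semver.NewVersion(version.GetVersionInfo().GitVersion)`, `latest, err := semver.NewVersion(rr.GetTagName())`, `if latest.GreaterThan(installed) {`. Both parse failures return silently, so a build whose GitVersion is not valid semver skips the check with no trace; a short comment saying that this is deliberate would help the next reader. The start of checkIfLatestRelease is outside the hunk.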
@@ -49,10 +49,6 @@ type userCmd struct {
 basic bool
 detailed bool
- //spec control
- spdx bool
- cdx bool
-
 //directory control
 recurse bool
@@ -143,13 +139,6 @@ func toUserCmd(cmd *cobra.Command, args []string) *userCmd {
 uCmd.detailed = strings.ToLower(reportFormat) == "detailed"
 }
- //spec control
- // uCmd.spdx, _ = cmd.Flags().GetBool("spdx")
- // uCmd.cdx, _ = cmd.Flags().GetBool("cdx")
-
- //directory control
- //uCmd.recurse, _ = cmd.Flags().GetBool("recurse")
-
 //debug control
 uCmd.debug, _ = cmd.Flags().GetBool("debug")
diff --git a/go.mod b/go.mod
index dfb15fd..c7ba6ea 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.19
 require (
 github.com/CycloneDX/cyclonedx-go v0.7.1
 github.com/DependencyTrack/client-go v0.11.0
+ github.com/Masterminds/semver/v3 v3.2.1
 github.com/google/go-github/v52 v52.0.0
 github.com/google/uuid v1.3.0
 github.com/maxbrunsfeld/counterfeiter/v6 v6.6.2
diff --git a/go.sum b/go.sum
index 4071499..8f2a7e0 100644
--- a/go.sum
+++ b/go.sum
@@ -2,6 +2,8 @@ github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/Kf
 github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps=
 github.com/DependencyTrack/client-go v0.11.0 h1:1g+eHC8nJyIzi68zcs+dr3OHRvS1aC+4Uy3YKA0JJhc=
 github.com/DependencyTrack/client-go v0.11.0/go.mod h1:XLZnOksOs56Svq+K4xmBkN8U97gpP7r1BkhCc/xA8Iw=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 h1:JMDGhoQvXNTqH6Y3MC0IUw6tcZvaUdujNqzK2HYWZc8=
 github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=
From 9520de2e1fec3a2765f64166ede9b5f454afceab Mon Sep 17 00:00:00 2001
From: Surendra Pathak
Date: Thu, 13 Jul 2023 01:44:33 -0700
Subject: [PATCH 2/2] [ISSUE-171] Version for containerized app
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 2424c58..b5cf1b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 FROM golang:1.20-alpine AS builder
 LABEL org.opencontainers.image.source="https://github.com/interlynk-io/sbomqs"
-RUN apk add --no-cache make
+RUN apk add --no-cache make git
 WORKDIR /app
 COPY go.mod go.sum ./
 RUN go mod download