Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: "project downloadattachments" / "bom uploadattachments" #24

Open
gernot-h opened this issue Jul 12, 2023 · 3 comments
Open

feature: "project downloadattachments" / "bom uploadattachments" #24

gernot-h opened this issue Jul 12, 2023 · 3 comments

Comments

@gernot-h
Copy link
Collaborator

gernot-h commented Jul 12, 2023
edited

I currently have the task to synchronize projects' attachments between two SW360 instances.

In my specific case, certain projects including source attachments are uploaded into two different instances, but clearing results (e.g. reports and CLI files) are uploaded in only one of them. So the remaining bit for me would be to download those from instance A and upload it to instance B.

So my idea would be to add following two commands:

    bom
        UploadAttachments    upload all attachments described in a BOM e.g. created by "project DownloadAttachments"
   
    project
        DownloadAttachments    download all attachments (of certain types) and create a BOM listing them

This would require extending the BOM formats by some fields, probably something like

 "externalReferences" : [
   {
    "type": "other",
    "url": "file:///attachments/CLIXML_keyutils_1.6-6-debian-combined.tar.bz2_2019-10-10_10_02_52.xml",
    "comment": "component license information (XML)"
    }
  ]

Alternatively, I could also implement "project uploadattachments", but I think with the suggestion above, it could be used flexible for multiple use cases.

Together "project createbom", "bom map" and "bom createcomponents", I think we could even support complete project export/import use cases in the future like:

  • sync projects between different SW360 instances
  • archive projects from SW360 to other systems
  • migrate projects between SW360 and other platforms

What do you think?
@gernot-h gernot-h changed the title feature: "project downloadattachments" / "project uploadattachments" feature: "project downloadattachments" / "bom uploadattachments" Jul 12, 2023
@gernot-h
Copy link
Collaborator Author

This would also include a refactoring of "project getlicenseinfo" as this would mostly be a specific case of "project downloadattachments" then plus the HTML creation bits.

@gernot-h gernot-h mentioned this issue Jul 12, 2023
Merged
@gernot-h
Copy link
Collaborator Author

Still thinking what would be the most flexible user interface. Initial idea of Thomas and me was to offer "project DownloadAttachments" and "project UploadAttachments".

However, I think this is rather unflexible as you would always need a project to do downloads and uploads. As described above, I think offering "bom uploadattachments" might allow more use cases as you could update arbitrary releases and wouldn't require a project to do it.

And, thinking this through to the end, I should perhaps just implement "bom DownloadAttachments" and "bom UploadAttachments". We anyways have "project CreateBom" for getting an inital bom to operate with.

@gernot-h
Copy link
Collaborator Author

Given that we want to stay with the "project createbom" followed by "bom downloadattachments" approach, I looked into https://cyclonedx.org/docs/1.4/json/#externalReferences_items_type to decide how to add info about CLI files and clearing reports to BOM and I think I will go with an external reference of type "other" with according comments.

@gernot-h gernot-h mentioned this issue Jul 18, 2023
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gernot-h