mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-12 10:55:20 +02:00

fix(npm) use npm install for cyclonedx (#4357)

Ashly Mathew 2023-05-11 14:32:39 +02:00 committed by GitHub
parent f476e8ddce
commit 00f376d757
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 4 deletions


@ -356,9 +356,8 @@ func (exec *Execute) checkIfLockFilesExist() (bool, bool, error) {
// CreateBOM generates BOM file using CycloneDX from all package.json files
func (exec *Execute) CreateBOM(packageJSONFiles []string) error {
execRunner := exec.Utils.GetExecRunner()
// Install CycloneDX Node.js module via npx without saving in package.json / polluting globals
// See https://github.com/CycloneDX/cyclonedx-node-npm#installation
err := execRunner.RunExecutable("npx", "--package", cycloneDxPackageVersion, "--call", "exit")
// Install CycloneDX Node.js module locally without saving in package.json
err := execRunner.RunExecutable("npm", "install", cycloneDxPackageVersion, "--no-save")
if err != nil {
return fmt.Errorf("failed to install CycloneDX package: %w", err)
}
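Review bot: The new `npm install ... --no-save` call in CreateBOM places the CycloneDX tool and its transitive dependencies in the working directory's `node_modules` and runs their install lifecycle scripts in the build workspace, whereas the previous `npx --package` form presumably kept them in npx's own cache. If the later BOM generation reads the installed tree, the tool's packages may appear as extraneous entries or change what is inventoried; this is inferred, because the generation step lies outside the hunk (CreateBOM's body continues past it). Consider `execRunner.RunExecutable("npm", "install", cycloneDxPackageVersion, "--no-save", "--ignore-scripts")` if the tool works without lifecycle scripts, and a comment such as `// Installed into ./node_modules; only the top-level version is pinned, transitive dependencies resolve at install time`.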


@ -360,7 +360,7 @@ func TestNpm(t *testing.T) {
if assert.NoError(t, err) {
if assert.Equal(t, 3, len(utils.execRunner.Calls)) {
assert.Equal(t, mock.ExecCall{Exec: "npx", Params: []string{"--package", "@cyclonedx/cyclonedx-npm@1.11.0", "--call", "exit"}}, utils.execRunner.Calls[0])
assert.Equal(t, mock.ExecCall{Exec: "npm", Params: []string{"install", "@cyclonedx/cyclonedx-npm@1.11.0", "--no-save"}}, utils.execRunner.Calls[0])
assert.Equal(t, mock.ExecCall{Exec: "npx", Params: []string{"@cyclonedx/cyclonedx-npm@1.11.0", "--output-format",
"XML",
"--spec-version",