From b4e666b720179ae34f53f8abbfb6368de41e7c82 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 12 Jan 2025 16:36:02 +0000 Subject: [PATCH 1/3] Ruby 1.8 image Signed-off-by: Prabhu Subramanian --- .github/workflows/build-base-images.yml | 38 +++++++++++++++++ ci/base-images/README.md | 19 +++++++++ ci/base-images/debian/Dockerfile.dotnet6 | 4 +- ci/base-images/debian/Dockerfile.dotnet8 | 4 +- ci/base-images/debian/Dockerfile.dotnet9 | 4 +- ci/base-images/debian/Dockerfile.ruby18 | 53 ++++++++++++++++++++++++ ci/base-images/debian/Dockerfile.ruby33 | 7 ++-- ci/base-images/debian/Dockerfile.ruby34 | 7 ++-- ci/base-images/debian/install.sh | 17 +++++--- ci/base-images/sle/Dockerfile.ruby25 | 1 + lib/helpers/envcontext.js | 26 ++++++++++++ types/lib/helpers/envcontext.d.ts.map | 2 +- 12 files changed, 163 insertions(+), 19 deletions(-) create mode 100644 ci/base-images/debian/Dockerfile.ruby18 diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 28c45623f..8b50d6450 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -453,6 +453,44 @@ jobs: tags: ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 labels: ${{ steps.meta-cdxgen-debian-ruby34.outputs.labels }} + debian-ruby18-image: + if: github.repository == 'CycloneDX/cdxgen' + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta-debian-ruby18 + uses: docker/metadata-action@v5 + with: + images: | + ghcr.io/cyclonedx/debian-ruby18 + + - name: Build and push Docker images + uses: docker/build-push-action@v5 + with: + context: . + file: ci/base-images/debian/Dockerfile.ruby18 + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta-debian-ruby18.outputs.tags }} + labels: ${{ steps.meta-debian-ruby18.outputs.labels }} + sle-dotnet7-image: if: github.repository == 'CycloneDX/cdxgen' runs-on: ubuntu-latest diff --git a/ci/base-images/README.md b/ci/base-images/README.md index dcc07aad5..c1afee130 100644 --- a/ci/base-images/README.md +++ b/ci/base-images/README.md @@ -174,6 +174,25 @@ Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1 docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby34:v11 -r /app -o /app/bom.json -t ruby3.3.1 ``` +Working with Ruby 1.8 applications? We have a Ruby 1.8 image that uses `debian:jessie` as the base image. Unfortunately, we couldn't find a way to install nodejs >= 20 in jessie, so we need a split workflow: + +1. Perform bundle install with our debian-ruby18 image. + +```shell +docker run --rm -v /tmp:/tmp:rw -e GEM_HOME=/tmp/gems -v $(pwd):/app:rw -w /app -t ghcr.io/cyclonedx/debian-ruby18:master bundle install + +# Optionally, pass any bundle install args to build those stubborn projects +# docker run --rm -v /tmp:/tmp:rw -e GEM_HOME=/tmp/gems -e "BUNDLE_INSTALL_ARGS=--without test" -v $(pwd):/app:rw -w /app -t ghcr.io/cyclonedx/debian-ruby18:master bundle install +``` + +2. Run cdxgen using ruby33 or ruby34 image. + +```shell +docker run --rm -e CDXGEN_DEBUG_MODE=debug -e CDXGEN_GEM_HOME=/tmp/gems -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby34:v11 -r /app -o /app/bom.json -t ruby --lifecyle pre-build +``` + +Notice the use of `GEM_HOME` and `CDXGEN_GEM_HOME` environment variables. + ## Troubleshooting ### .Net restore crashes diff --git a/ci/base-images/debian/Dockerfile.dotnet6 b/ci/base-images/debian/Dockerfile.dotnet6 index c24440f27..6bdf017c9 100644 --- a/ci/base-images/debian/Dockerfile.dotnet6 +++ b/ci/base-images/debian/Dockerfile.dotnet6 @@ -19,8 +19,8 @@ ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin: COPY ci/base-images/debian/install.sh /tmp/ -RUN apt-get update && apt-get install -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ - && apt-get install -y build-essential mono-devel mono-xbuild nuget python3 python3-pip python3-dev \ +RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ + && apt-get install -qq -y build-essential mono-devel mono-xbuild nuget python3 python3-pip python3-dev locales \ && chmod +x /tmp/install.sh \ && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ diff --git a/ci/base-images/debian/Dockerfile.dotnet8 b/ci/base-images/debian/Dockerfile.dotnet8 index 0d1a36c6e..395cc4f09 100644 --- a/ci/base-images/debian/Dockerfile.dotnet8 +++ b/ci/base-images/debian/Dockerfile.dotnet8 @@ -19,8 +19,8 @@ ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin: COPY ci/base-images/debian/install.sh /tmp/ -RUN apt-get update && apt-get install -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ - && apt-get install -y build-essential python3 python3-pip python3-dev \ +RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ + && apt-get install -qq -y build-essential python3 python3-pip python3-dev locales \ && chmod +x /tmp/install.sh \ && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ diff --git a/ci/base-images/debian/Dockerfile.dotnet9 b/ci/base-images/debian/Dockerfile.dotnet9 index 6f285841b..86dbbaec7 100644 --- a/ci/base-images/debian/Dockerfile.dotnet9 +++ b/ci/base-images/debian/Dockerfile.dotnet9 @@ -19,8 +19,8 @@ ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:${JAVA_HOME}/bin: COPY ci/base-images/debian/install.sh /tmp/ -RUN apt-get update && apt-get install -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ - && apt-get install -y build-essential python3 python3-pip python3-dev \ +RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ + && apt-get install -qq -y build-essential python3 python3-pip python3-dev locales \ && chmod +x /tmp/install.sh \ && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ diff --git a/ci/base-images/debian/Dockerfile.ruby18 b/ci/base-images/debian/Dockerfile.ruby18 new file mode 100644 index 000000000..af078cc37 --- /dev/null +++ b/ci/base-images/debian/Dockerfile.ruby18 @@ -0,0 +1,53 @@ +FROM debian:jessie + +ARG JAVA_VERSION=23.0.1-tem +ARG NODE_VERSION=20.17.0 +ARG ATOM_RUBY_VERSION=3.4.1 +ARG BUNDLER_VERSION=1.17.3 +ARG RAKE_VERSION=0.7.3 +ARG RMAGICK_VERSION=2.16.0 +ARG NOKOGIRI_VERSION=1.5.11 + +ENV JAVA_VERSION=$JAVA_VERSION \ + JAVA_HOME="/opt/java/${JAVA_VERSION}" \ + ATOM_RUBY_VERSION=$ATOM_RUBY_VERSION \ + RUBY_VERSION=1.8.7-p374 \ + BUNDLER_VERSION=$BUNDLER_VERSION \ + RAKE_VERSION=$RAKE_VERSION \ + RMAGICK_VERSION=$RMAGICK_VERSION \ + BUNDLE_SILENCE_ROOT_WARNING=true \ + LC_ALL=en_US.UTF-8 \ + LANG=en_US.UTF-8 \ + LANGUAGE=en_US.UTF-8 \ + NVM_DIR="/root/.nvm" +ENV PATH=/usr/local/rvm/gems/ruby-${RUBY_VERSION}/bin:/usr/local/rvm/gems/ruby-${RUBY_VERSION}@global/bin:/usr/local/rvm/rubies/ruby-${RUBY_VERSION}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/rvm/bin:${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin: + +COPY ci/base-images/debian/install.sh /tmp/ + +RUN set -ex \ + && rm /etc/apt/sources.list \ + && echo "deb http://archive.debian.org/debian-security jessie/updates main" >> /etc/apt/sources.list.d/jessie.list \ + && echo "deb http://archive.debian.org/debian jessie main" >> /etc/apt/sources.list.d/jessie.list \ + && apt-get -o Acquire::Check-Valid-Until=false update && apt-get install -qq -y --force-yes --no-install-recommends curl bash bzip2 git-core zip unzip make gawk gnupg2 nodejs \ + && apt-get install -qq -y --force-yes build-essential python3 python3-pip python3-dev libmagic-dev locales autoconf automake bison libffi-dev libgdbm-dev \ + libncurses5-dev libsqlite3-dev libtool libyaml-dev pkg-config sqlite3 zlib1g-dev libgmp-dev libreadline6-dev libssl-dev libc-dev libxslt-dev libmagickwand-dev \ + && command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import - \ + && command curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import - \ + && echo "export rvm_max_time_flag=20" >> ~/.rvmrc \ + && curl -sSL https://get.rvm.io | bash -s stable --ruby=${RUBY_VERSION} \ + && rvm use ruby-${RUBY_VERSION} \ + && ruby --version \ + && gem install bundler -v ${BUNDLER_VERSION} --no-ri --no-rdoc \ + && gem install rake -v ${RAKE_VERSION} --no-ri --no-rdoc \ + && gem install slimgems --no-ri --no-rdoc \ + && gem install nokogiri -v ${NOKOGIRI_VERSION} \ + && gem install rmagick -v ${RMAGICK_VERSION} \ + && gem install eventmachine -v 1.2.7 \ + && gem install sqlite3-ruby -v 1.2.4 \ + && gem install sqlite3 -v 1.3.13 \ + && chmod +x /tmp/install.sh \ + && SKIP_PYTHON=yes SKIP_NODEJS=yes ./tmp/install.sh && rm /tmp/install.sh \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && rm -rf /var/lib/apt/lists/* + +CMD /bin/bash diff --git a/ci/base-images/debian/Dockerfile.ruby33 b/ci/base-images/debian/Dockerfile.ruby33 index fbd219295..73b4a4fa4 100644 --- a/ci/base-images/debian/Dockerfile.ruby33 +++ b/ci/base-images/debian/Dockerfile.ruby33 @@ -7,6 +7,7 @@ ARG ATOM_RUBY_VERSION=3.4.1 ENV JAVA_VERSION=$JAVA_VERSION \ JAVA_HOME="/opt/java/${JAVA_VERSION}" \ ATOM_RUBY_VERSION=$ATOM_RUBY_VERSION \ + BUNDLE_SILENCE_ROOT_WARNING=true \ LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 \ @@ -15,13 +16,13 @@ ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:/usr/local/bin:/r COPY ci/base-images/debian/install.sh /tmp/ -RUN apt-get update && apt-get install -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ - && apt-get install -y build-essential python3 python3-pip python3-dev libmagic-dev \ +RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ + && apt-get install -qq -y build-essential python3 python3-pip python3-dev libmagic-dev locales \ && chmod +x /tmp/install.sh \ && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ && npm -v \ - && gem install bundler \ + && gem install bundler --no-ri --no-rdoc \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && rm -rf /var/lib/apt/lists/* diff --git a/ci/base-images/debian/Dockerfile.ruby34 b/ci/base-images/debian/Dockerfile.ruby34 index 62a0de1b1..cca346a31 100644 --- a/ci/base-images/debian/Dockerfile.ruby34 +++ b/ci/base-images/debian/Dockerfile.ruby34 @@ -5,6 +5,7 @@ ARG NODE_VERSION=23.6.0 ENV JAVA_VERSION=$JAVA_VERSION \ JAVA_HOME="/opt/java/${JAVA_VERSION}" \ + BUNDLE_SILENCE_ROOT_WARNING=true \ LC_ALL=en_US.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 \ @@ -13,13 +14,13 @@ ENV PATH=${PATH}:/root/.nvm/versions/node/v${NODE_VERSION}/bin:/usr/local/bin:/r COPY ci/base-images/debian/install.sh /tmp/ -RUN apt-get update && apt-get install -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ - && apt-get install -y build-essential python3 python3-pip python3-dev libmagic-dev \ +RUN apt-get update && apt-get install -qq -y --no-install-recommends curl bash bzip2 git-core zip unzip make gawk \ + && apt-get install -qq -y build-essential python3 python3-pip python3-dev libmagic-dev locales \ && chmod +x /tmp/install.sh \ && ./tmp/install.sh && rm /tmp/install.sh \ && node -v \ && npm -v \ - && gem install bundler \ + && gem install bundler --no-ri --no-rdoc \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ && rm -rf /var/lib/apt/lists/* diff --git a/ci/base-images/debian/install.sh b/ci/base-images/debian/install.sh index 40d3c1381..150ba5957 100644 --- a/ci/base-images/debian/install.sh +++ b/ci/base-images/debian/install.sh @@ -25,9 +25,14 @@ sdk offline enable mv /root/.sdkman/candidates/* /opt/ rm -rf /root/.sdkman -python3 -m pip install --no-cache-dir --upgrade pip virtualenv -python3 -m pip install --no-cache-dir --upgrade --user pipenv poetry uv -curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash -chmod +x /root/.nvm/nvm.sh -source /root/.nvm/nvm.sh -nvm install ${NODE_VERSION} +if [ x"${SKIP_PYTHON}" != "xyes" ]; then + python3 -m pip install --no-cache-dir --upgrade pip virtualenv + python3 -m pip install --no-cache-dir --upgrade --user pipenv poetry uv +fi + +if [ x"${SKIP_NODEJS}" != "xyes" ]; then + curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash + chmod +x /root/.nvm/nvm.sh + source /root/.nvm/nvm.sh + nvm install ${NODE_VERSION} +fi diff --git a/ci/base-images/sle/Dockerfile.ruby25 b/ci/base-images/sle/Dockerfile.ruby25 index 4f6c35739..4bbd83e04 100644 --- a/ci/base-images/sle/Dockerfile.ruby25 +++ b/ci/base-images/sle/Dockerfile.ruby25 @@ -7,6 +7,7 @@ ENV LC_ALL=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 \ ATOM_RUBY_VERSION=$ATOM_RUBY_VERSION \ ATOM_RUBY_HOME=/root/.rbenv/versions/${ATOM_RUBY_VERSION} \ + BUNDLE_SILENCE_ROOT_WARNING=true \ JAVA_OPTIONS="-Dhttps.protocols=TLSv1.1,TLSv1.2" ENV PATH=${PATH}:/usr/local/bin:/root/.local/bin:/root/.rbenv/bin: diff --git a/lib/helpers/envcontext.js b/lib/helpers/envcontext.js index b7977bfd3..15c7c59ce 100644 --- a/lib/helpers/envcontext.js +++ b/lib/helpers/envcontext.js @@ -746,6 +746,9 @@ export function bundleInstallWithDocker(rubyVersion, cdxgenGemHome, filePath) { * @param filePath File path */ export function installRubyVersion(rubyVersion, filePath) { + if (!rubyVersion) { + return { fullToolBinDir: undefined, status: false }; + } const existingRuby = collectRubyInfo(filePath); if (existingRuby?.version?.startsWith(`ruby ${rubyVersion} `)) { return { fullToolBinDir: undefined, status: true }; @@ -773,6 +776,21 @@ export function installRubyVersion(rubyVersion, filePath) { return { fullToolBinDir, status: true }; } } + // Check if we're trying to install Ruby 1.x or 2.x + if (rubyVersion.startsWith("1.")) { + console.log( + `Ruby version ${rubyVersion} requires very old versions of Linux such as debian:8. Consider using the container image "ghcr.io/cyclonedx/debian-ruby18:master" to build the application first and then invoke cdxgen with the arguments "--lifecycle pre-build".`, + ); + console.log("The below install step is likely to fail."); + } else if ( + rubyVersion.startsWith("2.") && + process.env?.CDXGEN_IN_CONTAINER !== "true" + ) { + console.log( + `Installing Ruby version ${rubyVersion} requires specific development libraries. Consider using the custom container image "ghcr.io/cyclonedx/cdxgen-ruby25:v11" instead.`, + ); + console.log("The below install step is likely to fail."); + } console.log( `Attempting to install Ruby ${rubyVersion} using rbenv. This might take a while ...`, ); @@ -1007,6 +1025,14 @@ export function performBundleInstall( ); } } + if (result?.stderr?.includes("Bundler cannot continue")) { + console.log( + 'Bundle install is unable to continue due to a dependency resolution and build issue. Running bundle install without certain groups might work in such instances. Try running cdxgen with the environment variable `BUNDLE_INSTALL_ARGS`. Example: to skip `test` group, set the variable `"BUNDLE_INSTALL_ARGS=--without test"`', + ); + console.log( + "NOTE: The generated SBOM would be incomplete with this workaround.", + ); + } if ( !pythonWarningShown && (result?.stderr?.includes("Failed to build gem native extension") || diff --git a/types/lib/helpers/envcontext.d.ts.map b/types/lib/helpers/envcontext.d.ts.map index f1f738e6a..6dad4b463 100644 --- a/types/lib/helpers/envcontext.d.ts.map +++ b/types/lib/helpers/envcontext.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"envcontext.d.ts","sourceRoot":"","sources":["../../../lib/helpers/envcontext.js"],"names":[],"mappings":"AAsCA;;;;;;GAMG;AACH,wCALW,MAAM,OACN,MAAM,OAMhB;AAED;;;;;GAKG;AACH,kCAJW,MAAM,OAMhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,OAMhB;AAED;;;;;GAKG;AACH,mCAJW,MAAM,MAsBhB;AAED;;;;;GAKG;AACH,+BAJW,MAAM,SAgChB;AAED;;;;;;;GAOG;AACH,oCALW,MAAM,oBAOhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;;;;;EAsBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;EAgBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;EAgBhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM;;;;;EAehB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;EAehB;AAED;;;;;GAKG;AACH,mCAHW,MAAM;;;;EAahB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAahB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;EAahB;AAED;;;;;;GAMG;AACH,+DAEC;AAED;;;;;;;;;IAmCC;AAwCD;;GAEG;AACH,6CAeC;AAED;;GAEG;AACH,0CAUC;AAED;;;;;;;GAOG;AACH,mFAqBC;AAED;;;;;;;GAOG;AACH,+EAyFC;AAED;;;;;;GAMG;AACH,8DAuBC;AAED;;;;;;GAMG;AACH,iEAmCC;AASD;;;;GAIG;AACH,4CAiBC;AAED,yDAIC;AAED;;;;;;GAMG;AACH,sGAsCC;AAED;;;;;GAKG;AACH;;;EA+DC;AAED;;;;;GAKG;AACH,mFA6DC;AAED;;;;;;;;;GASG;AACH,+GAFa,OAAO,CA4JnB;AA3/BD,8BAAwD"} \ No newline at end of file +{"version":3,"file":"envcontext.d.ts","sourceRoot":"","sources":["../../../lib/helpers/envcontext.js"],"names":[],"mappings":"AAsCA;;;;;;GAMG;AACH,wCALW,MAAM,OACN,MAAM,OAMhB;AAED;;;;;GAKG;AACH,kCAJW,MAAM,OAMhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,OAMhB;AAED;;;;;GAKG;AACH,mCAJW,MAAM,MAsBhB;AAED;;;;;GAKG;AACH,+BAJW,MAAM,SAgChB;AAED;;;;;;;GAOG;AACH,oCALW,MAAM,oBAOhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;;;;;EAsBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;EAgBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;EAgBhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM;;;;;EAehB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;EAehB;AAED;;;;;GAKG;AACH,mCAHW,MAAM;;;;EAahB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAahB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;EAahB;AAED;;;;;;GAMG;AACH,+DAEC;AAED;;;;;;;;;IAmCC;AAwCD;;GAEG;AACH,6CAeC;AAED;;GAEG;AACH,0CAUC;AAED;;;;;;;GAOG;AACH,mFAqBC;AAED;;;;;;;GAOG;AACH,+EAyFC;AAED;;;;;;GAMG;AACH,8DAuBC;AAED;;;;;;GAMG;AACH,iEAmCC;AASD;;;;GAIG;AACH,4CAiBC;AAED,yDAIC;AAED;;;;;;GAMG;AACH,sGAsCC;AAED;;;;;GAKG;AACH;;;EAiFC;AAED;;;;;GAKG;AACH,mFA6DC;AAED;;;;;;;;;GASG;AACH,+GAFa,OAAO,CAoKnB;AArhCD,8BAAwD"} \ No newline at end of file From cde50771ccfcab77c7dcc73861fd8660c6513cfd Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 12 Jan 2025 17:31:01 +0000 Subject: [PATCH 2/3] Update base-images doc Signed-off-by: Prabhu Subramanian --- ci/base-images/README.md | 14 +++++++------- lib/cli/index.js | 17 ++++++++++++++--- types/lib/cli/index.d.ts.map | 2 +- 3 files changed, 22 insertions(+), 11 deletions(-) diff --git a/ci/base-images/README.md b/ci/base-images/README.md index c1afee130..fc26982bb 100644 --- a/ci/base-images/README.md +++ b/ci/base-images/README.md @@ -144,18 +144,18 @@ docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghc ### Ruby applications -Use the custom image `ghcr.io/cyclonedx/cdxgen-ruby34:v11`. +Use the custom image `ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11`. Ruby 3.3.6 (debian version) ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby33:v11 -r /app -o /app/bom.json -t ruby +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-ruby33:v11 -r /app -o /app/bom.json -t ruby ``` Ruby 3.4.1 (debian version) ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby34:v11 -r /app -o /app/bom.json -t ruby +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 -r /app -o /app/bom.json -t ruby ``` Ruby 2.5.0 (SLE version) @@ -171,7 +171,7 @@ Pass any Ruby version with the type argument to make cdxgen automatically instal Example: Pass `-t ruby3.3.1` to install Ruby 3.3.1 ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby34:v11 -r /app -o /app/bom.json -t ruby3.3.1 +docker run --rm -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-debian-ruby34:v11 -r /app -o /app/bom.json -t ruby3.3.1 ``` Working with Ruby 1.8 applications? We have a Ruby 1.8 image that uses `debian:jessie` as the base image. Unfortunately, we couldn't find a way to install nodejs >= 20 in jessie, so we need a split workflow: @@ -185,13 +185,13 @@ docker run --rm -v /tmp:/tmp:rw -e GEM_HOME=/tmp/gems -v $(pwd):/app:rw -w /app # docker run --rm -v /tmp:/tmp:rw -e GEM_HOME=/tmp/gems -e "BUNDLE_INSTALL_ARGS=--without test" -v $(pwd):/app:rw -w /app -t ghcr.io/cyclonedx/debian-ruby18:master bundle install ``` -2. Run cdxgen using ruby33 or ruby34 image. +2. Run cdxgen using ruby25 image. ```shell -docker run --rm -e CDXGEN_DEBUG_MODE=debug -e CDXGEN_GEM_HOME=/tmp/gems -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby34:v11 -r /app -o /app/bom.json -t ruby --lifecyle pre-build +docker run --rm -e CDXGEN_DEBUG_MODE=debug -e CDXGEN_GEM_HOME=/tmp/gems -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-ruby25:v11 -r /app -o /app/bom.json -t ruby --lifecycle pre-build ``` -Notice the use of `GEM_HOME` and `CDXGEN_GEM_HOME` environment variables. +Notice the use of `GEM_HOME` and `CDXGEN_GEM_HOME` environment variables. `--deep` mode is currently not supported for Ruby 1.8. ## Troubleshooting diff --git a/lib/cli/index.js b/lib/cli/index.js index 81966d3e5..be7658f0b 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -5296,6 +5296,11 @@ export async function createRubyBom(path, options) { console.log( "Unable to collect the module names for all the gems. Resolve the errors reported and re-run cdxgen.", ); + if (DEBUG_MODE) { + console.log( + "Tried everything to get the `--deep` mode working? Please create an issue with a sample repo to reproduce this problem. https://github.com/CycloneDX/cdxgen/issues", + ); + } break; } } @@ -5309,9 +5314,15 @@ export async function createRubyBom(path, options) { rmSync(process.env.CDXGEN_GEM_HOME, { recursive: true, force: true }); } } else { - console.log( - "Set the environment variable CDXGEN_GEM_HOME or GEM_HOME to collect the module names for installed gems.", - ); + if (process.env.CDXGEN_GEM_HOME) { + console.log( + `${process.env.CDXGEN_GEM_HOME} was empty. Ensure "bundle install" command was successful prior to invoking cdxgen.`, + ); + } else { + console.log( + "Set the environment variable CDXGEN_GEM_HOME or GEM_HOME to collect the module names for installed gems.", + ); + } } } return buildBomNSData(options, pkgList, "gem", { diff --git a/types/lib/cli/index.d.ts.map b/types/lib/cli/index.d.ts.map index b86cee7f5..dfa3c4da5 100644 --- a/types/lib/cli/index.d.ts.map +++ b/types/lib/cli/index.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA4xBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAukBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA+dhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkLhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAqFC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAqdlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAiPhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA4xBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAs7BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAukBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA+dhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA6FhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA6LhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAqFC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAqdlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAgUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAiPhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"} \ No newline at end of file From 57df246193522eb575cd08e44605b16421368923 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 12 Jan 2025 17:42:41 +0000 Subject: [PATCH 3/3] Update base-images doc Signed-off-by: Prabhu Subramanian --- docs/ENV.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/ENV.md b/docs/ENV.md index 08d167f10..5e35e85b9 100644 --- a/docs/ENV.md +++ b/docs/ENV.md @@ -86,3 +86,8 @@ The following environment variables are available to configure the bom generatio | GRADLE_ARGS | A space-separated list of additional arguments passed to Gradle commands. Useful for providing custom profiles, configurations, or settings for builds. | | SDKMAN_VERSION | Specifies the version of SDKMAN to use. Useful for managing SDKs and ensuring compatibility with tools and environments. | | NVM_DIR | Defines the directory where Node Version Manager (NVM) is installed. Used to locate and manage Node.js versions in environments where NVM is utilized. | +| RBENV_CMD | rbenv command to use | +| RBENV_ROOT | Set the rbenv root directory for custom rbenv installations. | +| BUNDLE_INSTALL_ARGS | Additional arguments to pass to bundle install command. | +| BUNDLE_UPDATE_ARGS | Additional arguments to pass to bundle update command. | +| CDXGEN_GEM_HOME | Customize the GEM_HOME directory to use, while collecting the module names for all the gems in deep mode. This could be different from the system gems directory too. Can be used in addition to `GEM_PATH` environment variable too to improve the success rate. |