chore: initial QA

.codacy.yaml

@@ -0,0 +1,17 @@
+# Config for Codacy
+# See https://docs.codacy.com/repositories-configure/codacy-configuration-file/
+---
+engines:
+# engine `eslint-8` shall be disabled, since it fails due to incapability to load custom/own plugins
+# this engine is run via CI/CT anyway...
+exclude_paths:
+  # ignore all non-shipped files
+  - "docs/dev/**"
+  - "examples/**"
+  ## tests
+  - "tests/**"
+  - "**/*.test.*"
+  - "**/*.spec.*"
+  ## dot-files & dot-folders
+  - ".*"
+  - ".*/**"

.eslintignore

@@ -0,0 +1,12 @@
+# yarn stuff
+/.yarn/**
+/.pnp.cjs
+/.pnp.loader.mjs
+
+# generated files: dist and docs
+/reports/**
+/bundles/**
+/docs/**
+
+
+!/sources/**

.eslintrc.js

@@ -0,0 +1,122 @@
+/*!
+This file is part of CycloneDX SBOM plugin for yarn.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/* eslint-disable jsdoc/valid-types */
+
+/**
+ * @type {import('eslint').Linter.Config}
+ * @see https://eslint.org/
+ */
+module.exports = {
+  root: true,
+  plugins: [
+    /* see https://github.com/lydell/eslint-plugin-simple-import-sort#readme */
+    'simple-import-sort',
+    /* see https://github.com/Stuk/eslint-plugin-header#readme */
+    'header'
+  ],
+  env: {
+    commonjs: true,
+    node: true
+  },
+  rules: {
+    // region sort imports/exports
+    /** disable other sorters in favour of `simple-import-sort` */
+    'import/order': 0,
+    'sort-imports': 0,
+    /** @see https://github.com/lydell/eslint-plugin-simple-import-sort/ */
+    'simple-import-sort/imports': 'error',
+    'simple-import-sort/exports': 'error',
+    // endregion sort imports/exports
+    // region license-header
+    /* see https://github.com/Stuk/eslint-plugin-header#readme */
+    'header/header': ['error', '.license-header.js']
+    // endregion license-header
+  },
+  overrides: [
+    {
+      files: ['*.spec.*', '*.test.*'],
+      env: {
+        mocha: true,
+        commonjs: true,
+        node: true
+      }
+    },
+    {
+      files: ['*.ts'],
+      extends: [
+        /** @see https://github.com/standard/ts-standard */
+        'standard-with-typescript'
+      ],
+      parserOptions: {
+        project: './tsconfig.json'
+      },
+      rules: {
+        /* @see https://typescript-eslint.io/rules/unbound-method/ */
+        '@typescript-eslint/unbound-method': ['error', {
+          ignoreStatic: true
+        }]
+      }
+    },
+    {
+      files: ['*.js', '*.mjs', '*.cjs'],
+      extends: [
+        /* see https://www.npmjs.com/package/eslint-config-standard */
+        'standard',
+        /* see https://github.com/gajus/eslint-plugin-jsdoc */
+        'plugin:jsdoc/recommended'
+      ],
+      plugins: [
+        /* see https://github.com/gajus/eslint-plugin-jsdoc/ */
+        'jsdoc'
+      ],
+      rules: {
+        /* see https://github.com/gajus/eslint-plugin-jsdoc */
+        'jsdoc/no-undefined-types': 'error',
+        'jsdoc/check-tag-names': 0,
+        'jsdoc/check-types': 'error',
+        'jsdoc/require-hyphen-before-param-description': ['error', 'always'],
+        'jsdoc/require-jsdoc': 0,
+        'jsdoc/require-param': 0,
+        'jsdoc/require-param-description': 0,
+        'jsdoc/require-param-name': 'error',
+        'jsdoc/require-param-type': 'error',
+        'jsdoc/require-property': 0,
+        'jsdoc/require-property-description': 0,
+        'jsdoc/require-property-name': 'error',
+        'jsdoc/require-property-type': 'error',
+        'jsdoc/require-returns': 0,
+        'jsdoc/require-returns-check': 'error',
+        'jsdoc/require-returns-description': 0,
+        'jsdoc/require-returns-type': 'error',
+        'jsdoc/require-throws': 'error',
+        'jsdoc/require-yields': 0,
+        'jsdoc/require-yields-check': 'error',
+        'jsdoc/sort-tags': 'warn'
+        // region docs
+      },
+      settings: {
+        jsdoc: {
+          /* see https://github.com/gajus/eslint-plugin-jsdoc */
+          mode: 'jsdoc'
+        }
+      }
+    }
+  ]
+}

.github/workflows/test.yml → .github/workflows/nodejs.yml

@@ -1,7 +1,7 @@
 # For details of what checks are run for PRs please refer below
 # docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
 
-name: CI/CT
+name: Node CI
 
 on:
   push:
@@ -23,6 +23,7 @@ env:
   DIST_DIR: bundles
   REPORTS_DIR: "CI_reports"
   TESTS_REPORTS_ARTIFACT: tests-reports
+  STANDARD_REPORTS_ARTIFACT: cs-reports
 
 jobs:
   build:
@@ -46,7 +47,9 @@ jobs:
       - name: Setup subject
         run: yarn install --immutable
       - name: build
-        run: yarn build --source-map
+        run: yarn run build:gbtd
+      - name: build
+        run: yarn run build:bundle-dev
       - name: artifact build result
         # see https://github.com/actions/upload-artifact
         uses: actions/upload-artifact@v3
@@ -55,12 +58,78 @@ jobs:
           path: ${{ env.DIST_DIR }}
           if-no-files-found: error
 
-  #  test-standards:
-  #    # TODO
+  test-standard:
+    name: test standard
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v4
+      - run: mkdir -p ${{ env.REPORTS_DIR }}
+      - name: Setup Node.js ${{ matrix.node-version }}
+        # see https://github.com/actions/setup-node
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
+          # cache: 'yarn'
+      - name: Setup yarn ${{ env.YARN_VERSION }}
+        run: |
+          corepack enable yarn
+          yarn set version ${{ env.YARN_VERSION }}
+      - name: Setup subject
+        run: yarn install --immutable
+      - name: build
+        run: yarn run build:gbtd
+      - name: test
+        run: >
+          yarn run test:standard
+          --format checkstyle
+          --output-file "$REPORTS_DIR/eslint.xml"
+      - name: Publish Checkstyle report
+        # see https://github.com/Juuxel/publish-checkstyle-report
+        uses: Juuxel/publish-checkstyle-report@v1
+        if: ${{ failure() || success() }}
+        with:
+          reports: ${{ env.REPORTS_DIR }}/eslint.xml
+      - name: artifact build result
+        # see https://github.com/actions/upload-artifact
+        uses: actions/upload-artifact@v3
+        if: ${{ failure() }}
+        with:
+          name: ${{ env.STANDARD_REPORTS_ARTIFACT }}
+          path: ${{ env.REPORTS_DIR }}
+          if-no-files-found: error
+
+  test-lint:
+    name: test standard
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v4
+      - run: mkdir -p ${{ env.REPORTS_DIR }}
+      - name: Setup Node.js ${{ matrix.node-version }}
+        # see https://github.com/actions/setup-node
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
+          # cache: 'yarn'
+      - name: Setup yarn ${{ env.YARN_VERSION }}
+        run: |
+          corepack enable yarn
+          yarn set version ${{ env.YARN_VERSION }}
+      - name: Setup subject
+        run: yarn install --immutable
+      - name: build
+        run: yarn run build:gbtd
+      - name: test
+        run: yarn run test:lint
 
   test-node:
     needs: [ 'build' ]
-    name: jest (node${{ matrix.node-version }} ${{ matrix.os }})
+    name: test (node${{ matrix.node-version }} ${{ matrix.os }})
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
@@ -93,19 +162,19 @@ jobs:
       - name: Setup subject
         run: yarn install --immutable
       - name: setup-tests
-        run: yarn setup-tests
+        run: yarn run setup-tests
       - name: fetch build artifact
         # see https://github.com/actions/download-artifact
         uses: actions/download-artifact@v3
         with:
           name: ${{ env.DIST_DIR }}
           path: ${{ env.DIST_DIR }}
       - name: run tests
-        run: yarn test
+        run: yarn run test:node
       - name: collect coverage
         if: ${{ failure() || success() }}
         run: >
-          yarn c8 report
+          yarn exec c8 report
           --reporter clover
           --reports-dir '${{ env.REPORTS_DIR }}/coverage/${{ matrix.os }}_node${{ matrix.node-version }}'
       - name: artifact test reports
@@ -155,7 +224,7 @@ jobs:
           path: ${{ env.DIST_DIR }}
       - name: dogfooding
         run: >
-          yarn dogfooding
+          yarn run dogfooding
           --production
           --output-file=${{ env.REPORTS_DIR }}/bom.json
       - name: artifact test reports

.gitignore

@@ -1,20 +1,23 @@
+/.*.cache
+
+/reports/
+/CI_reports/
+/bundles/
+/CI_bundles/
+
+
+
 # yarn stuff - for now, until setup is hardened
 # see also: https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
 /.pnp.*
 /.yarn/
 /.yarnrc.yml
 
 
-# No bundles for now untils release process is clarified.
-/bundles/
-
-
 # Only used during production build.
 /sources/buildtime-dependencies.json
 
 
-/.*.cache
-
 # Everything below here is from https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
 # Logs
 logs

CONTRIBUTING.md

@@ -20,15 +20,21 @@ Then add SDKs for you preferred editor as described on https://yarnpkg.com/getti
 Build bundle
 
 ```shell
-yarn build  # options: --source-map --no-minify
+yarn run build
 ```
 
 ## Testing
 
 Set up the tests once, via:
 
 ```shell
-yarn setup-tests
+yarn run setup-tests
+```
+
+Build with source-map for testing: 
+
+```shell
+yarn run build:bundle-dev
 ```
 
 Run to have a proper test suite pass:
@@ -42,7 +48,7 @@ yarn test
 Apply the coding style via:
 
 ```shell
-# .. TODO
+yarn run cs-fix
 ```
 
 ## Sign off your commits

NOTICE

@@ -1,4 +1,4 @@
-CycloneDX JavaScript Library
+CycloneDX SBOM plugin for yarn
 Copyright (c) OWASP Foundation. All Rights Reserved.
 
 This product includes software developed by the

README.md

@@ -87,7 +87,7 @@ Software-Bill-of-Materials(SBOM) in CycloneDX format.
 [yarn]: https://yarnpkg.com/
 [cyclonedx-library]: https://www.npmjs.com/package/@cyclonedx/cyclonedx-library
 
-[shield_gh-workflow-test]: https://img.shields.io/github/actions/workflow/status/CycloneDX/cyclonedx-node-yarn/test.yml?branch=1.0-dev&logo=GitHub&logoColor=white "tests"
+[shield_gh-workflow-test]: https://img.shields.io/github/actions/workflow/status/CycloneDX/cyclonedx-node-yarn/nodejs.yml?branch=1.0-dev&logo=GitHub&logoColor=white "tests"
 [shield_coverage]: https://img.shields.io/codacy/coverage/b0af77db5c7b4ab7a36eab255c7f9ede?logo=Codacy&logoColor=white "test coverage"
 [shield_license]: https://img.shields.io/github/license/CycloneDX/cyclonedx-node-yarn?logo=open%20source%20initiative&logoColor=white "license"
 [shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage"
@@ -96,7 +96,7 @@ Software-Bill-of-Materials(SBOM) in CycloneDX format.
 [shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter&logoColor=white "twitter follow"
 
 [link_website]: https://cyclonedx.org/
-[link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-node-yarn/actions/workflows/test.yml?query=branch%3Amain
+[link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-node-yarn/actions/workflows/nodejs.yml?query=branch%3A1.0-dev
 [link_codacy]: https://app.codacy.com/gh/CycloneDX/cyclonedx-node-yarn/dashboard
 [link_slack]: https://cyclonedx.org/slack/invite
 [link_discussion]: https://groups.io/g/CycloneDX