Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support providing a solution filter #853

Open
KieranFoot opened this issue Feb 14, 2024 · 8 comments
Open

Support providing a solution filter #853

KieranFoot opened this issue Feb 14, 2024 · 8 comments
Labels
enhancement New feature or request

Comments

@KieranFoot
Copy link

It would be nice if instead of the current supported file type, we could provide solution filters to the tool. This would allow developers to hand pick the projects that they wish to be part of the BOM.

@github-actions github-actions bot added the triage Don't know what to do with this yet label Feb 14, 2024
@mtsfoni
Copy link
Contributor

mtsfoni commented Feb 15, 2024

Can you describe what you understand under "solution filter".

Can you describe a case where using a project- or a solution-file is not sufficient for selecting relevant projects? What is it you are trying to achieve? Is this an A-B Problem?

@KieranFoot
Copy link
Author

It's not an issue, it's just an improvement that would assist people that are already using solution filters, but I'll proceed to describe my use case.

I currently have a monolithic solution containing code for many target architectures and operating systems. I have CI/CD pipelines for each target since the code and dependencies cannot be compiled on just any platform.

In both Visual Studio and Rider, you can create a Project Filter from a solution, this is basically a JSON file that describes both the solution and the projects to include (thus filtering the ones not included).

I would like the ability to use a solution filter as I currently use it for all relevant dotnet commands in place of a solution/project and it would be simpler if I could use it here too rather than having to create and manage the lists in several different places.

Also, in my opinion, the solution filter format is much simpler then a solution file to both consume and maintain manually.

For some information on filters, see here

As I say, currently, this is how I separate code to progress through my pipelines per target.

@mtsfoni
Copy link
Contributor

mtsfoni commented Feb 19, 2024

So I assume you use the cyclonedx tool on the solution-file rather than the specific project-file?

When a solution file is targeted, the cyclonedx tool basically creates a bom for each project inside the solution and aggregates those mindlessly. This is not a very clever, smart, or even correct way to build a bom. If there are different output projects that have different versions of dependencies, it gets super messy. Yes, solution filters could reduce that problem.

However, there is an explicit way to get exactly what one needs and want:
Call the cyclonedx tool with the project file, that is the actual output (the webserver, windowsservice, .exe etc.). Unless one still uses packages.config files, cyclonedx will read all important information from the nuget-generated project.assets.json file and generate a quite accurate bom with the dependency tree.
In my workplace, we generate a seperate frontend bom and a backend bom from the respective projects inside the solution.

That being said. I am not absolute against support for solution filters, however I see calling the tool with a solution file more as a comfortable shortcut than an accurate approach of generating a bom. A program is normal one project (with dependencies); a solution is a bundle of many (usually related) projects.
It might be that the Buildalyzer integration that is currently in work might already offer some support, and we just need to add the argument.

Long Story short: Would accept a proper PR, but won't do it by myself as I don't see it really necessary.

@KieranFoot
Copy link
Author

Ok, thanks, I'll put together a PR when I have the time.

@pepcots
Copy link

pepcots commented Apr 19, 2024

I faced that, my workaround was creating a sln from the slnf with an small powershell script. But, in the end, I agree it makes more sense calling cyclone tool pointing to a project instead of a full solution.

Param($SLNFPath, $SLNOutPath)

#Parse snlf json file
$slnf_json = Get-Content -Path "$SLNFPath" | Out-String | ConvertFrom-Json
#Get slnf projects list
$slnf_projs = $slnf_json.solution.projects
#Get full solution project list
$SLNFFolder = (Get-Item "$SLNFPath").DirectoryName
$sln_projs = dotnet sln "$SLNFFolder/$($slnf_json.solution.path)" list 

#Create a copy for the solution file
Copy-Item -Path "$SLNFFolder/$($slnf_json.solution.path)" -Destination $SLNOutPath

#Remove projects that do not appear in the slnf
$sln_projs | Where-Object { $_ -notin $slnf_projs } | ForEach-Object {
    dotnet sln $SLNOutPath remove "$SLNFFolder/$_"
}

@mtsfoni mtsfoni added enhancement New feature or request and removed triage Don't know what to do with this yet labels Apr 19, 2024
Copy link

This issue is stale because it has been open for 3 months with no activity.

@github-actions github-actions bot added the stale label Jul 21, 2024
@michha
Copy link

michha commented Jan 13, 2025

@KieranFoot did you start with a PR already?
Otherwise I would probably start into something within the next weeks.

edit:
I looked into the code and adding slnf support was quite simple. I have a working code, I will make a PR, probably this week.

michha pushed a commit to michha/cyclonedx-dotnet that referenced this issue Jan 13, 2025
@KieranFoot
Copy link
Author

@michha No, I hadn't started as it wasn't strictly needed for my workflow.

@github-actions github-actions bot removed the stale label Jan 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants