Allow SBOM file to be specified as previous delivery (!538) · Merge requests · hoppr / hoppr · GitLab

Jonathan Howard requested to merge 307-allow-previous-delivery-to-accept-an-sbom into dev Dec 14, 2023

Checklist

~~documentation is changed or added in ./docs~~
unit tests updated to test changes

Description

`hoppr/cli/bundle.py`

Add --delivered-sbom-output/-S option. If supplied by user, write the delivered SBOM to the specified location as the last step of hopctl bundle

`hoppr/core_plugins/delta_sbom.py`

Move tarfile extraction into new dedicated method _extract_tarfile_bom to reduce cognitive complexity
If previous delivery is not a tar file, load it as an Sbom if file content has a bomFormat key, otherwise load as a Manifest

`test/unit/cli/test_hopctl_bundle.py`

New test module to exercise the above changes

Closes #307 (closed)

Edited Dec 15, 2023 by Jonathan Howard