From 965b9666edeca995e0e37b898f96538da0e399b1 Mon Sep 17 00:00:00 2001
From: Patrick Dwyer <coderpatros@outlook.com>
Date: Mon, 19 Oct 2020 22:54:46 +1000
Subject: [PATCH] Add packaging to project files and release workflow

---
 .github/workflows/release.yml            |  93 +++++++++++++++
 .github/workflows/release.yml.tmp        | 140 -----------------------
 .gitignore                               |   2 +-
 CycloneDX.Json/CycloneDX.Json.csproj     |  18 ++-
 CycloneDX.Models/CycloneDX.Models.csproj |  14 ++-
 CycloneDX.Xml/CycloneDX.Xml.csproj       |  18 ++-
 6 files changed, 134 insertions(+), 151 deletions(-)
 create mode 100644 .github/workflows/release.yml
 delete mode 100644 .github/workflows/release.yml.tmp

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..7d7660b9
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,93 @@
+# This workflow is used for publishing the NuGet packages.
+#
+# Before triggering a release the `semver.txt` file should be updated in the
+# relevant branch.
+#
+# When commiting the version change in `semver.txt` the commit message is
+# important as it will be used for the release in GitHub.
+#
+# For an example commit browse to
+# https://github.com/CycloneDX/cyclonedx-dotnet/commit/d110af854371374460430bb8438225a7d7a84274.
+# 
+# The resulting release is here
+# https://github.com/CycloneDX/cyclonedx-dotnet/releases/tag/v1.0.0.
+#
+# Releases are triggered manually. This can be done by browsing to
+# https://github.com/CycloneDX/cyclonedx-dotnet-library/actions?query=workflow%3ARelease
+# and selecting "Run workflow". If releasing a patch for a previous version
+# make sure the correct branch is selected. It will default to the default
+# branch.
+name: Release
+
+on:
+  workflow_dispatch
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - uses: actions/checkout@v2.3.3
+      
+      # The tests should have already been run during the PR workflow, so this is really just a sanity check
+      - name: Tests
+        run: dotnet test
+
+      # Build and package everything
+      - name: Package release
+        id: package_release
+        run: |
+          VERSION=`cat semver.txt`
+          echo "##[set-output name=version;]$VERSION"
+          dotnet build --configuration Release
+          dotnet pack --configuration Release --version-suffix $VERSION --output ./nupkgs
+
+      - name: Publish packages to NuGet
+        env:
+          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
+        run: |
+          dotnet nuget push --source https://api.nuget.org/v3/index.json --api-key "$NUGET_API_KEY" ./nupkgs/CycloneDX.Models.${{ steps.package_release.outputs.version }}.nupkg
+          dotnet nuget push --source https://api.nuget.org/v3/index.json --api-key "$NUGET_API_KEY" ./nupkgs/CycloneDX.Json.${{ steps.package_release.outputs.version }}.nupkg
+          dotnet nuget push --source https://api.nuget.org/v3/index.json --api-key "$NUGET_API_KEY" ./nupkgs/CycloneDX.Xml.${{ steps.package_release.outputs.version }}.nupkg
+
+      - name: Create github release and git tag for release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release_name: ${{ steps.package_release.outputs.version }}
+          tag_name: v${{ steps.package_release.outputs.version }}
+          draft: false
+          prerelease: false
+
+      - name: Upload package to github release
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./nupkgs/CycloneDX.Models.${{ steps.package_release.outputs.version }}.nupkg
+          asset_name: CycloneDX.Models.${{ steps.package_release.outputs.version }}.nupkg
+          asset_content_type: application/zip
+
+      - name: Upload package to github release
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./nupkgs/CycloneDX.Json.${{ steps.package_release.outputs.version }}.nupkg
+          asset_name: CycloneDX.Json.${{ steps.package_release.outputs.version }}.nupkg
+          asset_content_type: application/zip
+
+      - name: Upload package to github release
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./nupkgs/CycloneDX.Xml.${{ steps.package_release.outputs.version }}.nupkg
+          asset_name: CycloneDX.Xml.${{ steps.package_release.outputs.version }}.nupkg
+          asset_content_type: application/zip
diff --git a/.github/workflows/release.yml.tmp b/.github/workflows/release.yml.tmp
deleted file mode 100644
index 6efa6b04..00000000
--- a/.github/workflows/release.yml.tmp
+++ /dev/null
@@ -1,140 +0,0 @@
-# This workflow is used for publishing the NuGet package and Docker image.
-#
-# Before triggering a release the `semver.txt` file should be updated in the
-# relevant branch.
-#
-# When commiting the version change in `semver.txt` the commit message is
-# important as it will be used for the release in GitHub.
-#
-# For an example commit browse to
-# https://github.com/CycloneDX/cyclonedx-dotnet/commit/d110af854371374460430bb8438225a7d7a84274.
-# 
-# The resulting release is here
-# https://github.com/CycloneDX/cyclonedx-dotnet/releases/tag/v1.0.0.
-#
-# Releases are triggered manually. This can be done by browsing to
-# https://github.com/CycloneDX/cyclonedx-dotnet/actions?query=workflow%3ARelease
-# and selecting "Run workflow". If releasing a patch for a previous version
-# make sure the correct branch is selected. It will default to the default
-# branch.
-name: Release
-
-on:
-  workflow_dispatch
-
-jobs:
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    steps:
-      - uses: actions/checkout@v2.3.3
-      
-      # The tests should have already been run during the PR workflow, so this is really just a sanity check
-      - name: Tests
-        run: dotnet test
-
-      # Build and package everything, including the Docker image
-      - name: Package release
-        id: package_release
-        run: |
-          VERSION=`cat semver.txt`
-          OUTPUT=./nupkgs
-          echo "##[set-output name=version;]$VERSION"
-          echo "##[set-output name=package_name;]CycloneDX.$VERSION.nupkg"
-          echo "##[set-output name=package_filename;]$OUTPUT/CycloneDX.$VERSION.nupkg"
-          REPO=cyclonedx/cyclonedx-dotnet
-          dotnet build --configuration Release
-          dotnet pack CycloneDX/CycloneDX.csproj --configuration Release --version-suffix $VERSION --output $OUTPUT
-          docker build -f Dockerfile --build-arg VERSION=$VERSION -t $REPO:$VERSION -t $REPO:latest .
-
-      # We install the newly generated tool as bit of a "smoke test" and to generate an SBOM for the release
-      - name: Install newly generated version of CLI tool
-        run: |
-          dotnet tool install --global CycloneDX --version ${{ steps.package_release.outputs.version }} --add-source ./nupkgs
-
-      - name: Generate XML SBOM
-        uses: CycloneDX/gh-dotnet-generate-sbom@master
-        with:
-          path: ./CycloneDX.sln
-          github-bearer-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Generate JSON SBOM
-        uses: CycloneDX/gh-dotnet-generate-sbom@master
-        with:
-          path: ./CycloneDX.sln
-          json: true
-          github-bearer-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Publish package to NuGet
-        env:
-          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
-        run: |
-          dotnet nuget push --source https://api.nuget.org/v3/index.json --api-key "$NUGET_API_KEY" ${{ steps.package_release.outputs.package_filename }}
-
-      - name: Publish Docker image to Docker Hub
-        env:
-          DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
-        run: |
-          REPO=cyclonedx/cyclonedx-dotnet
-          docker login --username coderpatros --password "$DOCKER_TOKEN"
-          docker push $REPO:latest
-          docker push $REPO:${{ steps.package_release.outputs.version }}
-
-      - name: Create github release and git tag for release
-        id: create_release
-        uses: actions/create-release@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          release_name: ${{ steps.package_release.outputs.version }}
-          tag_name: v${{ steps.package_release.outputs.version }}
-          draft: false
-          prerelease: false
-
-      - name: Upload package to github release
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ${{ steps.package_release.outputs.package_filename }}
-          asset_name: ${{ steps.package_release.outputs.package_name }}
-          asset_content_type: application/zip
-
-      - name: Upload XML SBOM to github release
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: bom.xml
-          asset_name: bom.xml
-          asset_content_type: application/xml
-
-      - name: Upload JSON SBOM to github release
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: bom.json
-          asset_name: bom.json
-          asset_content_type: application/json
-
-      - name: Upload latest SBOM to Dependency-Track
-        uses: coderpatros/upload-bom-to-dependency-track@master
-        with:
-          serverhostname: cyclonedx-dependency-track.azurewebsites.net
-          apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
-          projectname: cyclonedx-dotnet
-          projectversion: latest
-
-      - name: Upload version SBOM to Dependency-Track
-        uses: coderpatros/upload-bom-to-dependency-track@master
-        with:
-          serverhostname: cyclonedx-dependency-track.azurewebsites.net
-          apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
-          projectname: cyclonedx-dotnet
-          projectversion: ${{ steps.package_release.outputs.version }}
-          autocreate: true
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 1503397d..a7cf1290 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@
 /.vscode/
 bin/
 obj/
-packages/
+nupkgs/
 coverage-report/
 coverage.cobertura.xml
 */__snapshots__/__mismatch__/
\ No newline at end of file
diff --git a/CycloneDX.Json/CycloneDX.Json.csproj b/CycloneDX.Json/CycloneDX.Json.csproj
index 940e6401..27670c6e 100644
--- a/CycloneDX.Json/CycloneDX.Json.csproj
+++ b/CycloneDX.Json/CycloneDX.Json.csproj
@@ -2,14 +2,24 @@
 
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
+    <Product>CycloneDX.Json</Product>
+    <Authors>Steve Springett</Authors>
+    <Copyright>Copyright (c) Steve Springett</Copyright>
+    <Description>A .NET Standard library for serializing and deserializing JSON format CycloneDX bill-of-material documents.</Description>
+    <PackageId>CycloneDX.Json</PackageId>
+    <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
+    <PackageProjectUrl>https://github.com/CycloneDX/cyclonedx-dotnet-library</PackageProjectUrl>
+    <PackageVersion>$(VersionSuffix)</PackageVersion>
+    <RepositoryType>git</RepositoryType>
+    <RepositoryUrl>https://github.com/CycloneDX/cyclonedx-dotnet-library.git</RepositoryUrl>
   </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="System.Text.Json" Version="4.7.2" />
+  <ItemGroup>
+    <PackageReference Include="System.Text.Json" Version="4.7.2" />
   </ItemGroup>
 
-  <ItemGroup>
-    <ProjectReference Include="..\CycloneDX.Models\CycloneDX.Models.csproj" />
+  <ItemGroup>
+    <ProjectReference Include="..\CycloneDX.Models\CycloneDX.Models.csproj" />
   </ItemGroup>
 
 </Project>
diff --git a/CycloneDX.Models/CycloneDX.Models.csproj b/CycloneDX.Models/CycloneDX.Models.csproj
index b72e5d89..b2ea41b9 100644
--- a/CycloneDX.Models/CycloneDX.Models.csproj
+++ b/CycloneDX.Models/CycloneDX.Models.csproj
@@ -2,10 +2,20 @@
 
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
+    <Product>CycloneDX.Models</Product>
+    <Authors>Steve Springett</Authors>
+    <Copyright>Copyright (c) Steve Springett</Copyright>
+    <Description>A .NET Standard library of data models for CycloneDX bill-of-material documents.</Description>
+    <PackageId>CycloneDX.Models</PackageId>
+    <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
+    <PackageProjectUrl>https://github.com/CycloneDX/cyclonedx-dotnet-library</PackageProjectUrl>
+    <PackageVersion>$(VersionSuffix)</PackageVersion>
+    <RepositoryType>git</RepositoryType>
+    <RepositoryUrl>https://github.com/CycloneDX/cyclonedx-dotnet-library.git</RepositoryUrl>
   </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="System.Text.Json" Version="4.7.2" />
+  <ItemGroup>
+    <PackageReference Include="System.Text.Json" Version="4.7.2" />
   </ItemGroup>
 
 </Project>
diff --git a/CycloneDX.Xml/CycloneDX.Xml.csproj b/CycloneDX.Xml/CycloneDX.Xml.csproj
index 4a5133b8..a6d0b55d 100644
--- a/CycloneDX.Xml/CycloneDX.Xml.csproj
+++ b/CycloneDX.Xml/CycloneDX.Xml.csproj
@@ -1,11 +1,21 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
-  <ItemGroup>
-    <ProjectReference Include="..\CycloneDX.Models\CycloneDX.Models.csproj" />
-  </ItemGroup>
-
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
+    <Product>CycloneDX.Xml</Product>
+    <Authors>Steve Springett</Authors>
+    <Copyright>Copyright (c) Steve Springett</Copyright>
+    <Description>A .NET Standard library for serializing and deserializing XML format CycloneDX bill-of-material documents.</Description>
+    <PackageId>CycloneDX.Xml</PackageId>
+    <PackageLicenseExpression>Apache-2.0</PackageLicenseExpression>
+    <PackageProjectUrl>https://github.com/CycloneDX/cyclonedx-dotnet-library</PackageProjectUrl>
+    <PackageVersion>$(VersionSuffix)</PackageVersion>
+    <RepositoryType>git</RepositoryType>
+    <RepositoryUrl>https://github.com/CycloneDX/cyclonedx-dotnet-library.git</RepositoryUrl>
   </PropertyGroup>
 
+  <ItemGroup>
+    <ProjectReference Include="..\CycloneDX.Models\CycloneDX.Models.csproj" />
+  </ItemGroup>
+
 </Project>