CycloneDX
diff --git a/‎.github/workflows/docs.yml
Lines changed: 34 additions & 0 deletions b/‎.github/workflows/docs.yml
Lines changed: 34 additions & 0 deletions
diff --git a/‎.github/workflows/manual-release-candidate.yml
Lines changed: 17 additions & 13 deletions b/‎.github/workflows/manual-release-candidate.yml
Lines changed: 17 additions & 13 deletions
diff --git a/‎.gitignore
Lines changed: 0 additions & 3 deletions b/‎.gitignore
Lines changed: 0 additions & 3 deletions
diff --git a/‎.readthedocs.yaml
Lines changed: 0 additions & 45 deletions b/‎.readthedocs.yaml
Lines changed: 0 additions & 45 deletions
diff --git a/‎README.md
Lines changed: 194 additions & 5 deletions b/‎README.md
Lines changed: 194 additions & 5 deletions
@@ -0,0 +1,34 @@
+name: Publish documentation
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build-documentation:
+    name: "Build documentation"
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v2
+      - name: Setup Python Environment
+        # see https://github.com/actions/setup-python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.9
+          architecture: 'x64'
+      - name: Install dependencies
+        run: pip install -r doc/requirements.txt
+      - name: Build documentation
+        run: |
+          pdoc --template-dir doc/templates --html cyclonedx
+      - name: Deploy documentation
+        uses: JamesIves/[email protected]
+        with:
+          branch: gh-pages
+          folder: html/cyclonedx
+          token: ${{ secrets.GITHUB_TOKEN }}
@@ -1,17 +1,22 @@
-name: Manual Pre Release Publish
+name: Manual Release Candidate
 
 on:
   workflow_dispatch:
     inputs:
-      release_candidate_suffix:
-        description: 'RC Suffix e.g. rc0, beta1, alpha2. Do not include a leading hyphen.'
+      branch:
+        description: 'Branch to produce Release Candidate from'
         required: true
         type: string
+      rc_number:
+        description: 'RC Number'
+        default: 0
+        required: true
+        type: number
 
 jobs:
-  release_candidate:
+  release:
     runs-on: ubuntu-latest
-    concurrency: release_candidate
+    concurrency: release
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -26,13 +31,12 @@ jobs:
           poetry config virtualenvs.create false
           poetry install
           python -m pip install python-semantic-release
-      - name: Apply Pre Release Version
+      - name: Determine RC candidate version
         run: |
-          RC_VERSION="$(semantic-release --noop --major print-version)-${{ github.event.inputs.release_candidate_suffix }}"
+          RC_VERSION="$(python-semantic-release --noop --major print-version)rc${{ inputs.rc_number }})"
           echo "RC Version will be: ${RC_VERSION}"
-          poetry version ${RC_VERSION}
-          poetry build
-      - name: Publish Pre Release 📦 to PyPI
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          password: ${{ secrets.PYPI_TOKEN }}
+#      - name: Python Semantic Release
+#        uses: relekang/python-semantic-release@master
+#        with:
+#          github_token: ${{ secrets.GITHUB_TOKEN }}
+#          pypi_token: ${{ secrets.PYPI_TOKEN }}
@@ -26,6 +26,3 @@ html/
 
 # mypy caches
 /.mypy_cache
-
-# Exlude built docs
-docs/_build
@@ -2,7 +2,6 @@
 
 [![shield_gh-workflow-test]][link_gh-workflow-test]
 [![shield_pypi-version]][link_pypi]
-[![shield_conda-forge-version]][link_conda-forge]
 [![shield_license]][license_file]  
 [![shield_website]][link_website]
 [![shield_slack]][link_slack]
@@ -23,7 +22,199 @@ Additionally, you can use this module yourself in your application to programmat
 
 CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple to parse.
 
-View our documentation [here](https://cyclonedx-python-library.readthedocs.io/).
+## Installation
+
+Install from pypi.org as you would any other Python module:
+
+```shell
+pip install cyclonedx-python-lib
+```
+
+## Architecture
+
+This module break out into three key areas:
+
+1. **Parser**: Use a parser that suits your needs to automatically gather information about your environment or
+   application
+2. **Model**: Internal models used to unify data from different parsers
+3. **Output**: Choose and configure an output which allows you to define output format as well as the CycloneDX schema
+   version
+
+### Parsing
+
+You can use one of the parsers to obtain information about your project or environment. Available parsers:
+
+| Parser | Class / Import | Description |
+| ------- | ------ | ------ |
+| CondaListJsonParser | `from cyclonedx.parser.conda import CondaListJsonParser` | Parses input provided as a `str` that is output from `conda list --json` |
+| CondaListExplicitParser | `from cyclonedx.parser.conda import CondaListExplicitParser` | Parses input provided as a `str` that is output from `conda list --explicit` or `conda list --explicit --md5` |
+| Environment | `from cyclonedx.parser.environment import EnvironmentParser` | Looks at the packaged installed in your current Python environment. |
+| PipEnvParser | `from cyclonedx.parser.pipenv import PipEnvParser` | Parses `Pipfile.lock` content passed in as a string. |
+| PipEnvFileParser | `from cyclonedx.parser.pipenv import PipEnvFileParser` | Parses the `Pipfile.lock` file at the supplied path. |
+| PoetryParser | `from cyclonedx.parser.poetry import PoetryParser` | Parses `poetry.lock` content passed in as a string. |
+| PoetryFileParser | `from cyclonedx.parser.poetry import PoetryFileParser` | Parses the `poetry.lock` file at the supplied path. |
+| RequirementsParser | `from cyclonedx.parser.requirements import RequirementsParser` | Parses a multiline string that you provide that conforms to the `requirements.txt` [PEP-508] standard. |
+| RequirementsFileParser | `from cyclonedx.parser.requirements import RequirementsFileParser` | Parses a file that you provide the path to that conforms to the `requirements.txt` [PEP-508] standard. |
+
+#### Example
+
+```py
+from cyclonedx.parser.environment import EnvironmentParser
+
+parser = EnvironmentParser()
+```
+
+#### Notes on Requirements parsing
+
+CycloneDX software bill-of-materials require pinned versions of requirements. If your `requirements.txt` does not have
+pinned versions, warnings will be recorded and the dependencies without pinned versions will be excluded from the
+generated CycloneDX. CycloneDX schemas (from version 1.0+) require a component to have a version when included in a
+CycloneDX bill of materials (according to schema).
+
+If you need to use a `requirements.txt` in your project that does not have pinned versions an acceptable workaround
+might be to:
+
+```shell
+pip install -r requirements.txt
+pip freeze > requirements-frozen.txt
+```
+
+You can then feed in the frozen requirements from `requirements-frozen.txt` _or_ use the `Environment` parser one you
+have `pip install`ed your dependencies.
+
+### Modelling
+
+You can create a BOM Model from either a Parser instance or manually using the methods avaialbel directly on the `Bom` class.
+
+The model also supports definition of vulnerabilities for output using the CycloneDX schema extension for
+[Vulnerability Disclosures](https://cyclonedx.org/use-cases/#vulnerability-disclosure) as of version 0.3.0.
+
+**Note:** Known vulnerabilities associated with Components can be sourced from various data sources, but this library
+will not source them for you. Perhaps look at [Jake][jake] if you're interested in this.
+
+#### Example from a Parser
+
+```py
+from cyclonedx.model.bom import Bom
+from cyclonedx.parser.environment import EnvironmentParser
+
+parser = EnvironmentParser()
+bom = Bom.from_parser(parser=parser)
+```
+
+### Generating Output
+
+Once you have an instance of a `Bom` you can produce output in either `JSON` or `XML` against any of the supporting CycloneDX schema versions as you require.
+
+We provide two helper methods:
+
+* Output to string (for you to do with as you require)
+* Output directly to a filename you provide
+
+#### Example as JSON
+
+```py
+from cyclonedx.output import get_instance, OutputFormat
+
+outputter = get_instance(bom=bom, output_format=OutputFormat.JSON)
+outputter.output_as_string()
+```
+
+#### Example as XML
+
+```py
+from cyclonedx.output import get_instance, SchemaVersion
+
+outputter = get_instance(bom=bom, schema_version=SchemaVersion.V1_2)
+outputter.output_to_file(filename='/tmp/sbom-v1.2.xml')
+```
+
+## Library API Documentation
+
+The Library API Documentation is available online at [https://cyclonedx.github.io/cyclonedx-python-lib/](https://cyclonedx.github.io/cyclonedx-python-lib/).
+
+## Schema Support
+
+This library is a work in progress and complete support for all parts of the CycloneDX schema will come in future releases.
+
+Here is a summary of the parts of the schema supported by this library:
+
+_Note: We refer throughout using XPath, but the same is true for both XML and JSON output formats._
+
+<table width="100%">
+   <thead>
+      <tr>
+         <th>XPath</th>
+         <th>Support v1.3</th>
+         <th>Support v1.2</th>
+         <th>Support v1.1</th>
+         <th>Support v1.0</th>
+         <th>Notes</th>
+      </tr>
+   </thead>
+   <tbody>
+      <tr>
+         <td><code>/bom</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>Y</td>
+         <td>
+            This is the root element and is supported with all it's defined attributes.
+         </td>
+      </tr>
+      <tr>
+         <td><code>/bom/metadata</code></td>
+         <td>Y</td><td>Y</td><td>N/A</td><td>N/A</td>
+         <td>
+            <code>timestamp</code> and <code>tools</code> are currently supported 
+         </td>
+      </tr>
+      <tr>
+         <td><code>/bom/components</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>Y</td>
+         <td>&nbsp;</td>
+      </tr>
+      <tr>
+         <th colspan="6"><strong><code>/bom/components/component</code></strong></th>
+      </tr>
+      <tr>
+         <td><code>./author</code></td>
+         <td>Y</td><td>Y</td><td>N/A</td><td>N/A</td>
+         <td>&nbsp;</td>
+      </tr>
+      <tr>
+         <td><code>./name</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>Y</td>
+         <td>&nbsp;</td>
+      </tr>
+      <tr>
+         <td><code>./version</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>Y</td>
+         <td>&nbsp;</td>
+      </tr>
+      <tr>
+         <td><code>./purl</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>Y</td>
+         <td>&nbsp;</td>
+      </tr>
+      <tr>
+         <td><code>./externalReferences</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>N/A</td>
+         <td>Not all Parsers have this information. It will be populated where there is information available.</td>
+      </tr>
+      <tr>
+         <td><code>./hashes</code></td>
+         <td>Y</td><td>Y</td><td>Y</td><td>Y</td>
+         <td>
+            These are supported when programmatically creating a <code>Bom</code> - these will not currently be 
+            automatically populated when using a <code>Parser</code>.
+         </td>
+      </tr>
+   </tbody>
+</table>
+
+### Notes on Schema Support
+
+* N/A is where the CycloneDX standard does not include this
+* If the table above does not refer to an element, it is not currently supported
 
 ## Python Support
 
@@ -53,16 +244,14 @@ See the [LICENSE][license_file] file for the full license.
 [contributing_file]: https://github.com/CycloneDX/cyclonedx-python-lib/blob/master/CONTRIBUTING.md
 
 [shield_gh-workflow-test]: https://img.shields.io/github/workflow/status/CycloneDX/cyclonedx-python-lib/Python%20CI/main?logo=GitHub&logoColor=white "build"
-[shield_pypi-version]: https://img.shields.io/pypi/v/cyclonedx-python-lib?logo=pypi&logoColor=white&label=PyPI "PyPI"
-[shield_conda-forge-version]: https://img.shields.io/conda/vn/conda-forge/cyclonedx-python-lib?logo=anaconda&logoColor=white&label=conda-forge "conda-forge"
+[shield_pypi-version]: https://img.shields.io/pypi/v/cyclonedx-python-lib?logo=Python&logoColor=white&label=PyPI "PyPI"
 [shield_license]: https://img.shields.io/github/license/CycloneDX/cyclonedx-python-lib "license"
 [shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage"
 [shield_slack]: https://img.shields.io/badge/slack-join-blue?logo=Slack&logoColor=white "slack join"
 [shield_groups]: https://img.shields.io/badge/discussion-groups.io-blue.svg "groups discussion"
 [shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter&logoColor=white "twitter follow"
 [link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-python-lib/actions/workflows/poetry.yml?query=branch%3Amain
 [link_pypi]: https://pypi.org/project/cyclonedx-python-lib/
-[link_conda-forge]: https://anaconda.org/conda-forge/cyclonedx-python-lib
 [link_website]: https://cyclonedx.org/
 [link_slack]: https://cyclonedx.org/slack/invite
 [link_discussion]: https://groups.io/g/CycloneDX