modified: .circleci/config.yml (#1122)

young-yang03 · Young Yang · web-flow · commit 3865bb608167 · 2024-07-08T14:39:09.000+08:00
modified:   Dockerfile_mbtci_template
	modified:   internal/commands/commands.go

Co-authored-by: Young Yang &lt;young.yang03@sap.com&gt;
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -141,9 +141,8 @@ jobs:
             CYCLONEDX_NPM_PACKAGE=@cyclonedx/cyclonedx-npm
             CYCLONEDX_NPM_VERSION=1.11.0
             CYCLONEDX_NPM_BINARY=cyclonedx-npm
-            npm install ${CYCLONEDX_NPM_PACKAGE}@${CYCLONEDX_NPM_VERSION} --no-save
-            echo "${CYCLONEDX_NPM_BINARY} -h"
-            npx ${CYCLONEDX_NPM_BINARY} -h
+            echo "npx ${CYCLONEDX_NPM_PACKAGE}@${CYCLONEDX_NPM_VERSION} -h"
+            npx ${CYCLONEDX_NPM_PACKAGE}@${CYCLONEDX_NPM_VERSION} -h
       - run:
           name: build mbt binary
           command: |
diff --git a/Dockerfile_mbtci_template b/Dockerfile_mbtci_template
@@ -293,6 +293,13 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && echo "cyclonedx-gomod smoke tests!" \
   && cyclonedx-gomod version
 
+# Install cyclonedx-npm
+RUN set -ex \
+  && npm install --prefix /usr/local/ -g ${CYCLONEDX_NPM_PACKAGE}@${CYCLONEDX_NPM_VERSION} \
+  # smoke test
+  && echo "${CYCLONEDX_NPM_BINARY} install smoke test!" \
+  && ${CYCLONEDX_NPM_BINARY} --version
+
 # Install curl and ca-certificates
 RUN set -ex \
   && apt-get update \
diff --git a/internal/commands/commands.go b/internal/commands/commands.go
@@ -344,9 +344,10 @@ func GetModuleSBomGenCommands(loc *dir.Loc, module *mta.Module,
 	case "npm", "npm-ci", "grunt", "evo":
 		cmd = "npm install"
 		cmds = append(cmds, cmd)
-		cmd = "npm install " + cyclonedx_npm + "@" + cyclonedx_npm_version + " --no-save"
-		cmds = append(cmds, cmd)
-		cmd = "npx cyclonedx-npm --output-format " + strings.ToUpper(sbomFileType) + " --spec-version " + cyclonedx_npm_schema_version + " --output-file " + sbomFileName + sbomFileSuffix
+		// cmd = "npm install " + cyclonedx_npm + "@" + cyclonedx_npm_version + " --no-save"
+		// cmds = append(cmds, cmd)
+		// cmd = "npx cyclonedx-npm --output-format " + strings.ToUpper(sbomFileType) + " --spec-version " + cyclonedx_npm_schema_version + " --output-file " + sbomFileName + sbomFileSuffix
+		cmd = "npx " + cyclonedx_npm + "@" + cyclonedx_npm_version + " --output-format " + strings.ToUpper(sbomFileType) + " --spec-version " + cyclonedx_npm_schema_version + " --output-file " + sbomFileName + sbomFileSuffix
 		cmds = append(cmds, cmd)
 	case "golang":
 		cmd = "cyclonedx-gomod mod -output-version 1.4 -licenses -output " + sbomFileName + sbomFileSuffix
