CycloneDX · jkowalleck · Jun 17, 2024 · Jun 17, 2024 · Jun 17, 2024 · Jun 17, 2024
@@ -89,9 +89,6 @@ jobs:
           - "14"
           - "14.0.0"  # lowest supported
     steps:
-      - name: Checkout
-        # see https://github.com/actions/checkout
-        uses: actions/checkout@v4
       - name: Setup Node.js ${{ matrix.node-version }}
         # see https://github.com/actions/setup-node
         uses: actions/setup-node@v4
@@ -104,11 +101,19 @@ jobs:
         run: |-
           npm i -g npm@^8
           npm --version
+      - name: enable pnpm
+        if: "matrix.node-version != '14.0.0'"  # yarn14 has broken corepack
+        run: |-
+          corepack enable pnpm
+          pnpm --version
       - name: enable yarn
         if: "matrix.node-version != '14.0.0'"  # yarn14 has broken corepack
         run: |-
-          corepack enable yarn
+          corepack enable
           yarn --version
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v4
       - name: install project
         shell: bash
         run: |

@@ -67,6 +67,25 @@ const testSetups = [
       }
     ]
   },
+  {
+    dir: 'webpack5-vue2-pnpm',
+    purpose: 'functional: webpack5 with vue2 in pnpm setup',
+    packageManager: 'pnpm',
+    results: [ // paths relative to `dir`
+      {
+        format: 'xml',
+        file: 'dist/.bom/bom.xml'
+      },
+      {
+        format: 'json',
+        file: 'dist/.bom/bom.json'
+      },
+      {
+        format: 'json',
+        file: 'dist/.well-known/sbom'
+      }
+    ]
+  },
   {
     dir: 'webpack5-angular13',
     purpose: 'functional: webpack5 with angular13',

@@ -35,6 +35,14 @@ const nodeSV = Object.freeze((process?.versions?.node ?? '').split('.').map(Numb
     // endregion regression tests
   ]
 
+  const REQUIRES_PNPM_INSTALL = [
+    // region functional tests
+    'webpack5-vue2-pnpm'
+    // endregion functional tests
+    // region regression tests
+    // endregion regression tests
+  ]
+
   const REQUIRES_YARN_INSTALL = nodeSV[0] > 16
     ? [
         // region functional tests
@@ -68,6 +76,21 @@ const nodeSV = Object.freeze((process?.versions?.node ?? '').split('.').map(Numb
     }
   }
 
+  for (const DIR of REQUIRES_PNPM_INSTALL) {
+    console.log('>>> setup with PNPM:', DIR)
+    const done = spawnSync(
+      'pnpm', ['install', '--frozen-lockfile'], {
+        cwd: path.resolve(__dirname, DIR),
+        stdio: 'inherit',
+        shell: true
+      }
+    )
+    if (done.status !== 0) {
+      ++process.exitCode
+      console.error(done)
+    }
+  }
+
   for (const DIR of REQUIRES_YARN_INSTALL) {
     console.log('>>> setup with YARN:', DIR)
     let done = spawnSync(

@@ -0,0 +1 @@
+** linguist-vendored
@@ -0,0 +1,10 @@
+*
+!/.gitignore
+!/.gitattributes
+!/README.md
+!/package.json
+!/pnpm-lock.yaml
+!/.npmrc
+!/webpack.config.js
+!/src
+!/src/*
@@ -0,0 +1,3 @@
+;  see the docs: https://pnpm.io/npmrc
+
+lockfile=true
@@ -0,0 +1,4 @@
+# Test: Vue.js bundled with webpack5 in a pnpm setup
+
+This setup is intended to create reproducible results (SBoM).  
+It might install outdated, unmaintained or vulnerable components, for showcasing purposes.
@@ -0,0 +1,46 @@
+{
+  "name": "@cyclonedx-webpack-plugin-tests/example-webpack5-vue2-pnpm",
+  "description": "example setup witch Vue2 in WebPack5 with pnpm setup",
+  "private": true,
+  "homepage": "https://github.com/CycloneDX/cyclonedx-webpack-plugin/tree/master/tests/integration/webpack5-vue2#readme",
+  "copyright": "Copyright OWASP Foundation",
+  "license": "Apache-2.0",
+  "author": {
+    "name": "Jan Kowalleck",
+    "email": "[email protected]"
+  },
+  "contributors": [
+    {
+      "name": "Jan Kowalleck",
+      "email": "[email protected]"
+    }
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/CycloneDX/cyclonedx-webpack-plugin.git",
+    "directory": "tests/integration/webpack5-vue2-yarn"
+  },
+  "bugs": {
+    "url": "https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues"
+  },
+  "main": "index.html",
+  "scripts": {
+    "prebuild:node": "node -r fs -e 'fs.rmSync(\"dist\",{recursive:true,force:true})'",
+    "build": "webpack build"
+  },
+  "dependencies": {
+    "vue": "^2.6.14"
+  },
+  "devDependencies": {
+    "@cyclonedx/webpack-plugin": "link:../../..",
+    "html-inline-script-webpack-plugin": "^3.0.0",
+    "html-webpack-plugin": "^5.5.0",
+    "webpack": "^5",
+    "webpack-cli": "^5"
+  },
+  "engines": {
+    "node": ">=14",
+    "pnpm": ">=8"
+  },
+  "packageManager": "[email protected]"
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		; see the docs: https://pnpm.io/npmrc

		lockfile=true