docs: add a more comprehensive example

Author: Avus-c

example/CMakeLists.txt

@@ -1,13 +1,13 @@
-# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
-#
-# SPDX-License-Identifier: CC0-1.0
-
-# ##################################################################################################
-# Preamble
-
 cmake_minimum_required(VERSION 3.16)
 
-project(example-project)
+project(Example
+	VERSION 0.2.1
+	DESCRIPTION "Example project for SBOM-Builder"
+	LANGUAGES CXX
+	HOMEPAGE_URL "https://github.com/sodgeit/CMake-SBOM-Builder"
+)
+
+set(CMAKE_CXX_STANDARD 23)
 
 # Set some install location. This should probably be done by scripts that control CMake, but for
 # this example, embed it here.
@@ -19,43 +19,65 @@ if("${CMAKE_BUILD_TYPE}" STREQUAL "")
 	set(CMAKE_BUILD_TYPE "Debug")
 endif()
 
-# ##################################################################################################
-# SBOM setup
+# Include CPM.cmake to download dependencies.
+file(
+	DOWNLOAD
+	https://github.com/cpm-cmake/CPM.cmake/releases/latest/download/CPM.cmake
+	${CMAKE_CURRENT_BINARY_DIR}/cmake/CPM.cmake
+	EXPECTED_HASH SHA256=7b354f3a5976c4626c876850c93944e52c83ec59a159ae5de5be7983f0e17a2a
+)
 
+include(${CMAKE_CURRENT_BINARY_DIR}/cmake/CPM.cmake)
+include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/deps.cmake)
+
+# Include the SBOM.cmake file to generate the SBOM.
 include(../cmake/sbom.cmake)
 
-version_extract()
+# generate the version header and script files
+version_generate()
 
 # Setup the SBOM to be generated during install.
 sbom_generate(
-	OUTPUT
-		${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/example/sbom-${GIT_VERSION_PATH}.spdx
 	LICENSE CC0-1.0
-	SUPPLIER Example
-	SUPPLIER_URL https://example_company.com
+	SUPPLIER ${PROJECT_NAME}
+	SUPPLIER_URL ${PROJECT_HOMEPAGE_URL}
 )
 
-# ##################################################################################################
-# Example binary
+# mention the dependencies used in the SBOM
+sbom_add_package(
+	cxxopts
+	VERSION 3.2.0
+	SUPPLIER "Jarryd Beck (https://github.com/jarro2783/cxxopts)"
+	LICENSE MIT
+)
 
-# We now have set GIT_VERSION and friends set to the current project's version.  We also have a
-# version static library, version.sh and version.txt for further processing.
-version_generate()
+sbom_add_package(
+	Boost
+	VERSION "1.85.0"
+	SUPPLIER "https://www.boost.org"
+	LICENSE BSL-1.0
+)
 
 add_executable(example example.cpp)
-target_link_libraries(example example-project-version)
 
-# Install the application.
-install(TARGETS example RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+target_link_libraries(example
+	PRIVATE
+	${PROJECT_NAME}-version
+	cxxopts
+	Boost::algorithm
+)
 
-# Mention the example binary in the SBOM.
-sbom_add_target(example)
+# Install the version header and mention it in the SBOM.
+install(FILES ${PROJECT_BINARY_DIR}/include/${PROJECT_NAME}_version.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+sbom_add_file(${CMAKE_INSTALL_INCLUDEDIR}/${PROJECT_NAME}_version.h FILETYPE SOURCE)
 
 # Install some other documentation (the version in this case).
 install(FILES ${PROJECT_BINARY_DIR}/version.txt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/example)
-
-# Mention the version file in the SBOM.
 sbom_add_file(${CMAKE_INSTALL_DATAROOTDIR}/example/version.txt FILETYPE DOCUMENTATION TEXT)
 
+# Install the application & mention the example binary in the SBOM.
+install(TARGETS example RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
+sbom_add_target(example)
+
 # Trigger SBOM finalization and verification.
 sbom_finalize()

example/cmake/deps.cmake

@@ -0,0 +1,9 @@
+CPMAddPackage( "gh:jarro2783/[email protected]" )
+
+CPMAddPackage(
+	NAME Boost
+	VERSION 1.85.0
+	URL https://github.com/boostorg/boost/releases/download/boost-1.85.0/boost-1.85.0-cmake.tar.gz
+	URL_HASH SHA256=ab9c9c4797384b0949dd676cf86b4f99553f8c148d767485aaac412af25183e6
+	OPTIONS "BOOST_INCLUDE_LIBRARIES algorithm\\\;asio"
+)

example/example.cpp

@@ -1,13 +1,39 @@
-// SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers
-//
-// SPDX-License-Identifier: CC0-1.0
+#include <print>
 
-// Include generated version header file.
-#include <example-project_version.h>
+#include <Example_version.h>
+#include <boost/algorithm/clamp.hpp>
+#include <cxxopts.hpp>
 
-#include <cstdio>
-
-int main()
+int main( int argc, char *argv[] )
 {
-	printf("Our version is: %s\n", EXAMPLE_PROJECT_VERSION);
+	std::println( "Example: Example-Project version {}", EXAMPLE_VERSION );
+
+	// clang-format off
+	cxxopts::Options options( "CPM-Test", "Testing CPM" );
+	options.add_options()
+	( "a", "Option A" )
+	( "b", "Option B" )
+	( "c", "Option C" );
+	// clang-format on
+
+	auto result = options.parse( argc, argv );
+
+	if ( result[ "a" ].as<bool>() )
+	{
+		std::println( "Option 'a' is set" );
+	}
+	if ( result[ "b" ].as<bool>() )
+	{
+		std::println( "Option 'b' is set" );
+	}
+	if ( result[ "c" ].as<bool>() )
+	{
+		std::println( "Option 'c' is set" );
+	}
+
+	std::println( "Boost Algorithm Test: {}", boost::algorithm::clamp( 5, 0, 10 ) );
+	std::println( "Boost Algorithm Test: {}", boost::algorithm::clamp( 5, 7, 10 ) );
+	std::println( "Boost Algorithm Test: {}", boost::algorithm::clamp( 5, 0, 3 ) );
+
+	exit( EXIT_SUCCESS );
 }

example/output/Example-sbom-0.2.1.spdx

@@ -0,0 +1,94 @@
+SPDXVersion: SPDX-2.3
+DataLicense: CC0-1.0
+SPDXID: SPDXRef-DOCUMENT
+DocumentName: Example-sbom.spdx
+DocumentNamespace: https://github.com/sodgeit/CMake-SBOM-Builder/spdxdocs/Example-0.2.1
+Creator: Organization: Example
+Creator: Tool: CMake-SBOM-Builder-0.2.1
+CreatorComment: <text>This SPDX document was created from CMake 3.30.1, using CMake-SBOM-Builder from https://github.com/sodgeit/CMake-SBOM-Builder</text>
+Created: 2024-07-23T19:52:50Z
+
+PackageName: Clang
+SPDXID: SPDXRef-compiler
+PackageVersion: 18.1.8
+PackageDownloadLocation: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSupplier: Organization: Anonymous
+FilesAnalyzed: false
+PackageSummary: <text>The compiler as identified by CMake, running on Windows (AMD64)</text>
+PrimaryPackagePurpose: APPLICATION
+Relationship: SPDXRef-compiler CONTAINS NOASSERTION
+Relationship: SPDXRef-compiler BUILD_DEPENDENCY_OF SPDXRef-Example
+RelationshipComment: <text>SPDXRef-Example is built by compiler Clang (C:/Program Files/LLVM/bin/clang++.exe) version 18.1.8</text>
+
+PackageName: Example
+SPDXID: SPDXRef-Example
+ExternalRef: SECURITY cpe23Type cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
+ExternalRef: PACKAGE-MANAGER purl pkg:supplier/Example/[email protected]
+PackageVersion: 0.2.1
+PackageSupplier: Organization: Example
+PackageDownloadLocation: NOASSERTION
+PackageLicenseConcluded: CC0-1.0
+PackageLicenseDeclared: CC0-1.0
+PackageCopyrightText: 2024;Example
+PackageHomePage: https://github.com/sodgeit/CMake-SBOM-Builder
+PackageComment: <text>Built by CMake 3.30.1 with Debug configuration for Windows (AMD64)</text>
+PackageVerificationCode: 829065e9867d9b9dbd601cf43946e5bc1f3b9018
+BuiltDate: 2024-07-23T19:52:50Z
+Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Example
+
+FileName: ./include/Example_version.h
+SPDXID: SPDXRef-include-Example-version-h-2
+FileType: SOURCE
+FileChecksum: SHA1: 8733f1a5d796d841a5a952013cfb202b5699c0c4
+LicenseConcluded: NOASSERTION
+LicenseInfoInFile: NOASSERTION
+FileCopyrightText: NOASSERTION
+Relationship: SPDXRef-Example CONTAINS SPDXRef-include-Example-version-h-2
+
+FileName: ./share/example/version.txt
+SPDXID: SPDXRef-share-example-version-txt-3
+FileType: DOCUMENTATION
+FileType: TEXT
+FileChecksum: SHA1: b3edaa0ec2dc99651b9a15f4c90a0ab5b7bd2a30
+LicenseConcluded: NOASSERTION
+LicenseInfoInFile: NOASSERTION
+FileCopyrightText: NOASSERTION
+Relationship: SPDXRef-Example CONTAINS SPDXRef-share-example-version-txt-3
+
+FileName: ./bin/example.exe
+SPDXID: SPDXRef-bin-TARGET-FILE-NAME-example-4
+FileType: BINARY
+FileChecksum: SHA1: fbeb387ffbf0f1b6df7407fa72b57b4205ac83ce
+LicenseConcluded: NOASSERTION
+LicenseInfoInFile: NOASSERTION
+FileCopyrightText: NOASSERTION
+Relationship: SPDXRef-Example CONTAINS SPDXRef-bin-TARGET-FILE-NAME-example-4
+
+PackageName: cxxopts
+SPDXID: SPDXRef-cxxopts-0
+ExternalRef: SECURITY cpe23Type cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
+PackageDownloadLocation: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageVersion: 3.2.0
+PackageSupplier: Jarryd Beck (https://github.com/jarro2783/cxxopts)
+FilesAnalyzed: false
+PackageLicenseConcluded: MIT
+Relationship: SPDXRef-Example DEPENDS_ON SPDXRef-cxxopts-0
+Relationship: SPDXRef-cxxopts-0 CONTAINS NOASSERTION
+
+PackageName: Boost
+SPDXID: SPDXRef-Boost-1
+ExternalRef: SECURITY cpe23Type cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
+PackageDownloadLocation: NOASSERTION
+PackageLicenseDeclared: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageVersion: 1.85.0
+PackageSupplier: https://www.boost.org
+FilesAnalyzed: false
+PackageLicenseConcluded: BSL-1.0
+Relationship: SPDXRef-Example DEPENDS_ON SPDXRef-Boost-1
+Relationship: SPDXRef-Boost-1 CONTAINS NOASSERTION