merge_cachi2_sboms: rename to merge_sboms

Handles syft SBOMs as well now.

Signed-off-by: Adam Cmiel <[email protected]>

sbom-utility-scripts/Dockerfile

@@ -3,8 +3,10 @@ FROM registry.access.redhat.com/ubi9/python-312:9.5@sha256:88ea2d10c741f16968110
 WORKDIR /scripts
 
 COPY scripts/merge_syft_sboms.py /scripts
-COPY scripts/merge-cachi2-sboms-script/merge_cachi2_sboms.py /scripts
-COPY scripts/merge-cachi2-sboms-script/requirements.txt /scripts/merge-cachi2-sboms-script-requirements.txt
+COPY scripts/merge-sboms-script/merge_sboms.py /scripts
+# for backwards compatibility, also ship the script at the original location
+COPY scripts/merge-sboms-script/merge_sboms.py /scripts/merge_cachi2_sboms.py
+COPY scripts/merge-sboms-script/requirements.txt /scripts/merge-sboms-script-requirements.txt
 COPY scripts/base-images-sbom-script/app/base_images_sbom_script.py /scripts
 COPY scripts/base-images-sbom-script/app/requirements.txt /scripts/base-images-sbom-script-requirements.txt
 COPY scripts/index-image-sbom-script/requirements.txt /scripts/index-image-sbom-script-requirements.txt
@@ -14,7 +16,7 @@ COPY scripts/add-image-reference-script/add_image_reference.py /scripts
 COPY scripts/add-image-reference-script/requirements.txt /scripts/add-image-reference-requirements.txt
 
 RUN pip3 install --no-cache-dir \
-    -r merge-cachi2-sboms-script-requirements.txt \
+    -r merge-sboms-script-requirements.txt \
     -r base-images-sbom-script-requirements.txt \
     -r index-image-sbom-script-requirements.txt \
     -r add-image-reference-requirements.txt

sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_data/assemble-input-sboms.sh → sbom-utility-scripts/scripts/merge-sboms-script/test_data/assemble-input-sboms.sh

@@ -12,7 +12,7 @@ set -o errexit -o nounset -o pipefail -o xtrace
 #
 # It will generate cachi2 and syft SBOMs for a few sample repositories (and one
 # container image, for syft) and assemble them into a merged cachi2 SBOM and a
-# merged syft SBOM. You can then test the merge_cachi2_sboms.py script by merging
+# merged syft SBOM. You can then test the merge_sboms.py script by merging
 # the cachi2 SBOM with the syft SBOM.
 
 testdata_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
@@ -90,4 +90,4 @@ syft ./syft-sboms --select-catalogers=+sbom-cataloger -o [email protected] |
     postprocess_syft_cyclonedx > "$testdata_dir/syft.merged-by-syft.bom.json"
 
 printf "syft:%s\n" "$testdata_dir/syft-sboms"/* |
-    xargs python "$testdata_dir/../merge_cachi2_sboms.py" > "$testdata_dir/syft.merged-by-us.bom.json"
+    xargs python "$testdata_dir/../merge_sboms.py" > "$testdata_dir/syft.merged-by-us.bom.json"

sbom-utility-scripts/scripts/merge-cachi2-sboms-script/test_merge_cachi2_sboms.py → sbom-utility-scripts/scripts/merge-sboms-script/test_merge_sboms.py

@@ -6,7 +6,7 @@
 
 import pytest
 
-from merge_cachi2_sboms import SBOMItem, main, merge_by_apparent_sameness, merge_cyclonedx_sboms, wrap_as_cdx
+from merge_sboms import SBOMItem, main, merge_by_apparent_sameness, merge_cyclonedx_sboms, wrap_as_cdx
 
 TOOLS_METADATA = {
     "syft-cyclonedx-1.4": {

sbom-utility-scripts/scripts/merge-cachi2-sboms-script/tox.ini → sbom-utility-scripts/scripts/merge-sboms-script/tox.ini

@@ -6,12 +6,12 @@ basepython = 3.12
 deps =
     -r requirements.txt
     -r requirements-test.txt
-commands = pytest test_merge_cachi2_sboms.py
+commands = pytest test_merge_sboms.py
 
 [testenv:flake8]
 basepython = 3.12
 deps = flake8
-commands = flake8 --max-line-length 120 merge_cachi2_sboms.py test_merge_cachi2_sboms.py
+commands = flake8 --max-line-length 120 merge_sboms.py test_merge_sboms.py
 
 [testenv:black]
 deps = black