fix: remove fallback logic for Source Code Download URL

capycli/bom/create_components.py

@@ -236,10 +236,13 @@ def add_licenses(self, cx_comp: Component, data: Dict[str, Any]) -> None:
         data["mainLicenseIds"] = licenses
 
     def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]:
-        """Create release data structure as expected by SW360 REST API
+        """Create the Release data structure as expected by SW360 REST API.
 
-        :param item: a single bill of materials item - a release
-        :type item: dictionary
+        If the Source Code Download URL is missing in the given Release, try to update the VCS/Repository URL
+        of the corresponding SW360 Component with the repository or website URL from the Release.
+
+        :param cx_comp: a single bill of materials item - a Release
+        :type cx_comp: Component
         :return: the release
         :rtype: release (dictionary)
         """
@@ -251,6 +254,56 @@ def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]:
         src_url = str(CycloneDxSupport.get_ext_ref_source_url(cx_comp))
         if src_url:
             data["sourceCodeDownloadurl"] = src_url
+        else:
+            print_red("    No Source Code Download URL found. Will try to update the VCS/Repository URL.")
+
+            # Try to update the VCS/Repository URL of the corresponding SW360 Component
+            # with the repository or website URL from the Release
+            component_id = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_COMPONENT_ID)
+            if not component_id:
+                print_red(
+                    f"    Unable to get the SW360 Component ID from the BOM item: {cx_comp.name}. "
+                    "Will not update the VCS/Repository URL."
+                )
+            elif not self.client:
+                print_red("    No SW360 client available. Will not update the VCS/Repository URL.")
+            else:
+                component = self.client.get_component(component_id)
+                if component is None:
+                    print_red(
+                        f"    Unable to get the SW360 Component with ID: {component_id}. "
+                        "Will not update the VCS/Repository URL."
+                    )
+                else:
+                    website = CycloneDxSupport.get_ext_ref_website(cx_comp)
+                    repo = CycloneDxSupport.get_ext_ref_repository(cx_comp)
+
+                    current_vcs = component.get("vcs", "")
+                    # Note: The VCS/Repository URL can only be updated after the rollout of Issue 1886
+                    # (https://code.siemens.com/sw360/sw360portal/-/issues/1886) - before that,
+                    # the VCS/Repository URL is not available in the SW360 REST API and thus cannot be updated.
+                    if repo:
+                        print_yellow(
+                            f"    Not available until rollout of Issue 1886. "
+                            f"Could update VCS/Repository URL from: {current_vcs if current_vcs else '<empty string>'} "
+                            f"with repository: {repo}..."
+                        )
+                        # try:
+                        #     updated_component = self.client.update_component({"vcs": str(repo)}, component_id)
+                        #     print_green(f"    Successfully updated VCS/Repository URL to: {updated_component}")
+                        # except SW360Error as e:
+                        #     print_red(f"    Failed to update VCS/Repository URL: {e}")
+                    elif website:
+                        print_yellow(
+                            f"    Not available until rollout of Issue 1886. "
+                            f"Could update VCS/Repository URL from: {current_vcs if current_vcs else '<empty string>'} "
+                            f"with website: {website}..."
+                        )
+                        # try:
+                        #     updated_component = self.client.update_component({"vcs": str(website)}, component_id)
+                        #     print_green(f"    Successfully updated VCS/Repository URL to: {updated_component}")
+                        # except SW360Error as e:
+                        #     print_red(f"    Failed to update VCS/Repository URL: {e}")
 
         bin_url = str(CycloneDxSupport.get_ext_ref_binary_url(cx_comp))
         if bin_url:
@@ -266,17 +319,6 @@ def prepare_release_data(self, cx_comp: Component) -> Dict[str, Any]:
         data["additionalData"] = {}
         data["additionalData"]["createdWith"] = capycli.get_app_signature()
 
-        # use project site as fallback for source code download url
-        website = CycloneDxSupport.get_ext_ref_website(cx_comp)
-        repo = CycloneDxSupport.get_ext_ref_repository(cx_comp)
-        if not src_url:
-            if repo:
-                print("    Using repository for source code download URL...")
-                data["sourceCodeDownloadurl"] = str(repo)
-            elif website:
-                print("    Using website for source code download URL...")
-                data["sourceCodeDownloadurl"] = str(website)
-
         language = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_LANGUAGE)
         if language:
             data["languages"] = []

tests/test_bom_create_components.py

@@ -61,7 +61,6 @@ def test_create_component(self) -> None:
 
         release_data = {"name": "activemodel", "version": "5.2.4.3",
                         "mainlineState": "OPEN", "languages": ["Ruby"],
-                        "sourceCodeDownloadurl": "http://test.org",
                         "externalIds": {"package-url": "pkg:gem/activemodel@5.2.4.3"},
                         "additionalData": {"createdWith": capycli.get_app_signature()}}
         responses.add(