chore: evaluate version incase version is not fixed

Signed-off-by: Sonu Saha <[email protected]>

Author: ahasunos

Diff for: .github/workflows/sbom.yml

@@ -63,27 +63,52 @@ jobs:
             echo "Processing RubyGem: $name"
             gem_name=$(echo "$name" | tr -d '"')
             version=$(echo "$versionInfo" | tr -d '"')
-            # Check if the version contains a version constraint (e.g., ~>, >=, <=)
+
+            # If version has a comparison operator (e.g., ~>, >=, <=)
             if [[ "$versionInfo" =~ [\~\>\<\=\ ] ]]; then
-              echo "Skipping call to rubygems.org for version constraint: $versionInfo"
-              continue  # Skip processing for this gem versionInfo
+              echo "Evaluating version constraint: $versionInfo"
+
+              # Extract the base version (e.g., "2.11" from "~> 2.11")
+              base_version=$(echo "$versionInfo" | sed -E 's/[^\d.]//g')
+
+              # Get the list of available versions from RubyGems API
+              api_url="https://rubygems.org/api/v2/rubygems/${gem_name}/versions.json"
+              available_versions=$(curl -s "$api_url" | jq -r '.[].version')
+
+              # Find the valid version according to the constraint
+              valid_version=$(echo "$available_versions" | grep -E "^$base_version" | sort -V | head -n 1)
+
+              if [ -z "$valid_version" ]; then
+                echo "No valid version found for constraint $versionInfo"
+                continue
+              fi
+
+              # Proceed with the valid version
+              echo "Using version: $valid_version for $gem_name"
+              api_url="https://rubygems.org/api/v2/rubygems/${gem_name}/versions/${valid_version}.json"
+              response=$(curl -s "$api_url")
+
+              # Extract relevant fields from the response
+              new_license=$(echo "$response" | jq -r '.licenses[0] // "None"')
+              new_source_code_url=$(echo "$response" | jq -r '.source_code_uri // "None"')
+              new_vendor=$(echo "$response" | jq -r '.authors // "None"')
             else
-              # Proceed with making the call to rubygems.org
-              echo "Making call to rubygems.org for fixed version: $versionInfo"
-              # Your logic to call rubygems.org
+              # Handle fixed version
+              echo "Fixed version: $versionInfo"
+              api_url="https://rubygems.org/api/v2/rubygems/${gem_name}/versions/${versionInfo}.json"
+              response=$(curl -s "$api_url")
+              new_license=$(echo "$response" | jq -r '.licenses[0] // "None"')
+              new_source_code_url=$(echo "$response" | jq -r '.source_code_uri // "None"')
+              new_vendor=$(echo "$response" | jq -r '.authors // "None"')
             fi
-            api_url="https://rubygems.org/api/v2/rubygems/${gem_name}/versions/${version}.json"
-            response=$(curl -s "$api_url")
-            echo "Response: $response"
-            new_license=$(echo "$response" | jq -r '.licenses[0] // "None"')
-            echo "License: $new_license"
-            new_source_code_url=$(echo "$response" | jq -r '.source_code_uri // "None"')
-            new_vendor=$(echo "$response" | jq -r '.authors // "None"')
           else
+            # Default values if not a RubyGem
             new_license="None"
             new_source_code_url="None"
             new_vendor="None"
           fi
+
+          # Write updated values to temp CSV
           echo "$name,$SPDXID,$versionInfo,$downloadLocation,$externalRefs,$new_license,$new_source_code_url,$new_vendor" >> "$TEMP_CSV"
         done
         mv "$TEMP_CSV" "${FILE_PREFIX}-sbom.csv"