feat: add build artifacts metadata for mtaBuild #5166

Merged
merged 14 commits into from
Nov 4, 2024

phgermanov
Contributor

As part of HSPIPER-290 we need to add build artifacts for mta

@phgermanov phgermanov requested a review from a team as a code owner October 29, 2024 13:19
@D074360 D074360 changed the title feat: add build artifacts metadata feat: add build artifacts metadata for mtaBuild Oct 29, 2024
cmd/mtaBuild.go Outdated
@@ -563,3 +582,22 @@ func getAbsPath(path string) string {
}
return filepath.FromSlash(abspath)
}

func getPurl(mtaYaml string) string {
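
Review bot: `getPurl(mtaYaml string) string` on the last line of this hunk returns only a string, so a caller cannot tell a failed lookup from a legitimately empty result. Consider returning `(string, error)`, or add a doc comment stating which value signals failure. The parameter name `mtaYaml` also does not say whether it is a path or the file content; a name such as `mtaYamlPath` would make the contract clear.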

D074360 commented Oct 29, 2024

@phgermanov Is this change tested in a pipeline?

@@ -255,7 +254,7 @@ func createBuildArtifactsMetadata(config *mavenBuildOptions, commonPipelineEnvir
} else {
coordinate.BuildPath = filepath.Dir(match)
coordinate.URL = config.AltDeploymentRepositoryURL
coordinate.PURL = getPurlForThePom(match)
coordinate.PURL = piperutils.GetPurl(match, mvnSimpleBomFilename+".xml")
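
Review bot: In the replacement assignment, `piperutils.GetPurl(match, mvnSimpleBomFilename+".xml")` passes the matched file path together with a bare file name, while two lines up `BuildPath` is taken from `filepath.Dir(match)`, so the call site does not show which directory the BOM name is resolved against. Build the BOM location explicitly next to `BuildPath` and pass that, so a wrong location is visible in review rather than hidden inside the helper.
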
Member

@D074360 D074360 Oct 30, 2024

The bom path is wrong. For maven the bom will be inside target folder

relativeBomPath := filepath.Join("/target/" + mvnSimpleBomFilename + ".xml")
coordinate.PURL = piperutils.GetPurl(match, relativeBomPath)

Contributor Author

Yep, I think that was the issue with the failing tests

@@ -46,3 +48,22 @@ func GetBom(absoluteBomPath string) (Bom, error) {
}
return bom, nil
}

func GetPurl(filePath, bomFilename string) string {
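
Review bot: The new exported `GetPurl(filePath, bomFilename string) string` has no doc comment and no error result, although `GetBom` directly above returns `(Bom, error)`. Document what each path argument is relative to and what is returned when the BOM cannot be loaded, or return the error, so a missing SBOM is reported to the caller rather than dropped.
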
Member

@D074360 D074360 Oct 30, 2024

This function definition is misleading, as we don't send "filePath" to BOM. We send filePath to package manager like pom.xml or package.json.

Can we simplify in a way that we only send file path to BOM and get back purl?

Or rename function definition to

GetPurl(filePathToPackageManager, relativeBomFilePath)

cmd/mtaBuild.go Outdated
Packaging: "mtar",
BuildPath: filepath.Dir(mtarPath),
URL: config.MtaDeploymentRepositoryURL,
PURL: piperutils.GetPurl(filepath.Join(mtarPath, "sbom-gen/bom-mta.xml")),
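
Review bot: On the `PURL:` line the BOM path is joined onto `mtarPath`, which the `BuildPath:` line two lines up treats as a file by taking `filepath.Dir(mtarPath)`. Compute the directory once and reuse it for both fields, and move the `"sbom-gen/bom-mta.xml"` literal into a named constant so the SBOM location is defined in one place.
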
Member

This should be

PURL: piperutils.GetPurl(filepath.Join(filepath.Dir(mtarPath), "sbom-gen/bom-mta.xml"))

pkg/npm/publish.go Outdated
cmd/mavenBuild.go Outdated

credentialsEncoded := "Basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", config.MtaDeploymentRepositoryUser, config.MtaDeploymentRepositoryPassword)))
headers := http.Header{}
headers.Add("Authorization", credentialsEncoded)
if err = handlePublish(config, commonPipelineEnvironment, utils, mtarName, isMtarNativelySuffixed); err != nil {
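
Review bot: The `Authorization` value built on the first line is base64 of `user:password`, which is an encoding and not protection, so `credentialsEncoded` and `headers` must never be passed to a log or error message wherever this construction ends up. `fmt.Sprintf("%s:%s", ...)` also yields an ambiguous credential if `config.MtaDeploymentRepositoryUser` contains a colon; reject that case before building the header.
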
Member

Maybe we can keep this log

log.Entry().Infof("publish detected")

cmd/mtaBuild.go Outdated
ArtifactID: config.MtarName,
Version: config.Version,
Packaging: "mtar",
BuildPath: mtarDir,
Member

The build path should be the path of the mta.yaml file and not the mtar. Is mtar generated in the same directory as mta.yaml? Or can users choose to change the path?

sonarqubecloud bot commented Nov 1, 2024

Member

@D074360 D074360 left a comment

LGTM

D074360 commented Nov 4, 2024

/it-go

@phgermanov phgermanov merged commit 6988f43 into master Nov 4, 2024
12 checks passed
@phgermanov phgermanov deleted the phgermanov/mta-build-artifacts-metadata branch November 4, 2024 10:30
maxatsap added a commit to maxatsap/jenkins-library that referenced this pull request Nov 20, 2024
…ix-fix

* origin/master: (43 commits)
  fix handle new naming strategy for Central Build stage name if extension is used (SAP#5178)
  Remove commit message from project-metadata.toml (SAP#5176)
  handle new naming strategy for Central Build stage name (SAP#5171)
  Update URL to current SapMachine (SAP#5126)
  checkmarxOneExecuteScan - Fix report generation in CxOne 3.20 (SAP#5170)
  docs: update pr template to include inner source update reminder (SAP#5169)
  handle error while fetching working directory (SAP#5168)
  Final round of adding quoting to prevent command injection (SAP#5167)
  feat: add build artifacts metadata for mtaBuild (SAP#5166)
  Fix more potential command injection via quoting (SAP#5164)
  Add identifier data to create uuid in events (SAP#5165)
  Update version of org.cyclonedx:cyclonedx-maven-plugin (SAP#5156)
  Fix: validate app name (SAP#5155)
  fix: command injection vulnerability (SAP#5161)
  fix deadlock and add more logging (SAP#5160)
  fix(sonar): allign groovy part of Sonar step with common piperExecuteBin (SAP#5157)
  modify logging (SAP#5158)
  Detect script version 9 (SAP#5154)
  feat(vault): not allowing batch token revoke (SAP#4918)
  refactor(vault): Refactor vault package (SAP#5148)
  ...