feat: add build artifacts metadata for mtaBuild #5166
cmd/mtaBuild.go
Outdated
@@ -563,3 +582,22 @@ func getAbsPath(path string) string { | |||
} | |||
return filepath.FromSlash(abspath) | |||
} | |||
|
|||
func getPurl(mtaYaml string) string { |
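Review bot: getPurl on the last line of this hunk returns a bare string, so a caller cannot tell a failed lookup from an empty result. Consider returning (string, error), or at least logging the failure inside the function, and add a doc comment stating what the mtaYaml argument must point to.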
This part we have repeated in https://github.com/SAP/jenkins-library/blob/master/cmd/mavenBuild.go#L277 and https://github.com/SAP/jenkins-library/blob/master/pkg/npm/publish.go#L229
Can we move the logic to https://github.com/SAP/jenkins-library/blob/master/pkg/piperutils/cyclonedxBom.go
And use the same in all places?
@phgermanov Is this change tested in a pipeline?
cmd/mavenBuild.go
Outdated
@@ -255,7 +254,7 @@ func createBuildArtifactsMetadata(config *mavenBuildOptions, commonPipelineEnvir | |||
} else { | |||
coordinate.BuildPath = filepath.Dir(match) | |||
coordinate.URL = config.AltDeploymentRepositoryURL | |||
coordinate.PURL = getPurlForThePom(match) | |||
coordinate.PURL = piperutils.GetPurl(match, mvnSimpleBomFilename+".xml") |
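Review bot: the GetPurl call on the last line passes a bare file name (mvnSimpleBomFilename+".xml") as the BOM location while match is the path of the pom, and nothing here says which directory that name is resolved against. Build the BOM path explicitly from filepath.Dir(match), which the BuildPath line already computes, and check for an empty return value so a coordinate is not recorded with a blank PURL.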
The bom path is wrong. For maven the bom will be inside the target folder:
relativeBomPath := filepath.Join("/target/" + mvnSimpleBomFilename + ".xml")
coordinate.PURL = piperutils.GetPurl(match, relativeBomPath)
Yep, I think that was the issue with the failing tests
pkg/piperutils/cyclonedxBom.go
Outdated
@@ -46,3 +48,22 @@ func GetBom(absoluteBomPath string) (Bom, error) { | |||
} | |||
return bom, nil | |||
} | |||
|
|||
func GetPurl(filePath, bomFilename string) string { |
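Review bot: GetPurl is exported without a doc comment, and the names filePath and bomFilename do not say whether bomFilename is a bare name, a path relative to the directory of filePath, or an absolute path. The neighbouring GetBom in the hunk header takes absoluteBomPath and returns (Bom, error); following the same convention here (one clearly named BOM path in, (string, error) out) would make the contract explicit and let callers handle a missing BOM.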
This function definition is misleading, as we don't send "filePath" to BOM. We send filePath to package manager like pom.xml or package.json.
Can we simplify in a way that we only send file path to BOM and get back purl?
Or rename function definition to
GetPurl(filePathToPackageManager, relativeBomFilePath)
cmd/mtaBuild.go
Outdated
Packaging: "mtar", | ||
BuildPath: filepath.Dir(mtarPath), | ||
URL: config.MtaDeploymentRepositoryURL, | ||
PURL: piperutils.GetPurl(filepath.Join(mtarPath, "sbom-gen/bom-mta.xml")), |
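Review bot: mtarPath is treated as a file on the BuildPath line (filepath.Dir(mtarPath)) but as a directory on the PURL line (filepath.Join(mtarPath, "sbom-gen/bom-mta.xml")), so the two fields cannot both be right. Resolve the BOM against one explicitly named directory variable and move the "sbom-gen/bom-mta.xml" literal into a named constant so the location is defined in one place.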
This should be
PURL: piperutils.GetPurl(filepath.Join(filepath.Dir(mtarPath), "sbom-gen/bom-mta.xml"))
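The path fix suggested in the comment above, worked through as an added Go example (not code from this PR or from jenkins-library). `bomPathFor` and `purlFromBom` are hypothetical helpers, the BOM is a constructed sample, and the purl is assumed to sit at `metadata/component/purl` as in CycloneDX XML.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"os"
	"path/filepath"
)

// Constructed sample: minimal CycloneDX XML BOM with a placeholder purl.
const sampleBom = `<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <metadata><component><purl>pkg:generic/example-app@1.0.0</purl></component></metadata>
</bom>`

type bomDoc struct {
	Purl string `xml:"metadata>component>purl"` // bom > metadata > component > purl
}

// bomPathFor (hypothetical) resolves relBom against the artifact's directory.
func bomPathFor(artifactPath, relBom string) string {
	return filepath.Join(filepath.Dir(artifactPath), filepath.FromSlash(relBom))
}

// purlFromBom (hypothetical) returns an error instead of a silent "".
func purlFromBom(bomPath string) (string, error) {
	data, err := os.ReadFile(bomPath)
	if err != nil {
		return "", fmt.Errorf("read BOM: %w", err)
	}
	var doc bomDoc
	if err := xml.Unmarshal(data, &doc); err != nil {
		return "", fmt.Errorf("parse BOM %s: %w", bomPath, err)
	}
	if doc.Purl == "" {
		return "", fmt.Errorf("BOM %s has no metadata component purl", bomPath)
	}
	return doc.Purl, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "mta")
	defer os.RemoveAll(dir)
	mtarPath := filepath.Join(dir, "example.mtar")
	bom := bomPathFor(mtarPath, "sbom-gen/bom-mta.xml")
	os.MkdirAll(filepath.Dir(bom), 0o755)
	os.WriteFile(bom, []byte(sampleBom), 0o644)
	fmt.Println(purlFromBom(bom))
	fmt.Println(purlFromBom(filepath.Join(mtarPath, "sbom-gen/bom-mta.xml")))
}
```

The second call in `main` joins the BOM name onto the archive file itself, as in the outdated hunk, and comes back with a read error rather than an empty PURL.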
Co-authored-by: Manjunath <[email protected]>
credentialsEncoded := "Basic " + base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", config.MtaDeploymentRepositoryUser, config.MtaDeploymentRepositoryPassword))) | ||
headers := http.Header{} | ||
headers.Add("Authorization", credentialsEncoded) | ||
if err = handlePublish(config, commonPipelineEnvironment, utils, mtarName, isMtarNativelySuffixed); err != nil { |
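Review bot: credentialsEncoded on the first line carries the repository user and password in reversible base64, so wherever these lines live it and the headers value must stay out of log output and wrapped error messages. It is also worth rejecting an empty MtaDeploymentRepositoryUser or MtaDeploymentRepositoryPassword before the header is built, and handlePublish on the last line takes five positional arguments including a bare bool, which would read better as a small options struct.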
Maybe we can keep this log
log.Entry().Infof("publish detected")
cmd/mtaBuild.go
Outdated
ArtifactID: config.MtarName, | ||
Version: config.Version, | ||
Packaging: "mtar", | ||
BuildPath: mtarDir, |
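Review bot: ArtifactID and Version are copied straight from config.MtarName and config.Version, and nothing in these lines guards against either being empty, which would write an incomplete coordinate into the build metadata. Validate both before building the struct, and add a comment on the BuildPath line saying what mtarDir is expected to contain.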
The build path should be the path of the mta.yaml file and not the mtar. Is the mtar generated in the same directory as mta.yaml, or can users choose to change the path?
Quality Gate passed
LGTM
/it-go
…ix-fix
* origin/master: (43 commits)
  fix handle new naming strategy for Central Build stage name if extension is used (SAP#5178)
  Remove commit message from project-metadata.toml (SAP#5176)
  handle new naming strategy for Central Build stage name (SAP#5171)
  Update URL to current SapMachine (SAP#5126)
  checkmarxOneExecuteScan - Fix report generation in CxOne 3.20 (SAP#5170)
  docs: update pr template to include inner source update reminder (SAP#5169)
  handle error while fetching working directory (SAP#5168)
  Final round of adding quoting to prevent command injection (SAP#5167)
  feat: add build artifacts metadata for mtaBuild (SAP#5166)
  Fix more potential command injection via quoting (SAP#5164)
  Add identifier data to create uuid in events (SAP#5165)
  Update version of org.cyclonedx:cyclonedx-maven-plugin (SAP#5156)
  Fix: validate app name (SAP#5155)
  fix: command injection vulnerability (SAP#5161)
  fix deadlock and add more logging (SAP#5160)
  fix(sonar): align groovy part of Sonar step with common piperExecuteBin (SAP#5157)
  modify logging (SAP#5158)
  Detect script version 9 (SAP#5154)
  feat(vault): not allowing batch token revoke (SAP#4918)
  refactor(vault): Refactor vault package (SAP#5148)
  ...
As part of HSPIPER-290 we need to add build artifacts for mta