Skip to content

Commit

Permalink
feat: publish SBOMs
Browse files Browse the repository at this point in the history
While clearly not perfect, I think we should start growing
towards publishing valid SBOMs for our artifacts, and
publishing these is a good first step in that direction.
  • Loading branch information
raboof committed Jul 1, 2024
1 parent 42994f5 commit 296f89b
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
5 changes: 5 additions & 0 deletions project/PekkoBuild.scala
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import sbt.Keys._
import sbt._
import sbtassembly.AssemblyPlugin.autoImport._
import sbtwelcome.WelcomePlugin.autoImport._
import _root_.io.github.siculo.sbtbom.BomSbtPlugin.autoImport.makeBom

import java.io.FileInputStream
import java.io.InputStreamReader
Expand Down Expand Up @@ -267,6 +268,10 @@ object PekkoBuild {
mavenLocalResolverSettings,
docLintingSettings,
JdkOptions.targetJdkSettings,
// needed until https://github.com/siculo/sbt-bom/pull/57 has been merged
packagedArtifacts += {
Artifact(artifact.value.name, "cyclonedx", "xml") -> makeBom.value
},
// a workaround for https://github.com/akka/akka/issues/27661
// see also project/Protobuf.scala that introduces /../ to make "intellij happy"
MultiJvm / assembly / fullClasspath := {
Expand Down
1 change: 1 addition & 0 deletions project/plugins.sbt
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ addSbtPlugin("com.github.pjfanning" % "sbt-pekko-build" % "0.3.3")
addSbtPlugin("com.github.reibitto" % "sbt-welcome" % "0.4.0")
addSbtPlugin("com.github.sbt" % "sbt-license-report" % "1.6.1")
addSbtPlugin("io.github.roiocam" % "sbt-depend-walker" % "0.1.1")
addSbtPlugin("io.github.siculo" % "sbt-bom" % "0.3.0")

addSbtPlugin("org.apache.pekko" % "pekko-sbt-paradox" % "1.0.1")

Expand Down

0 comments on commit 296f89b

Please sign in to comment.