From 4c9354c99470703808028e416e02a373d35e2e1c Mon Sep 17 00:00:00 2001 From: Gustavo Castellanos Alfonzo Date: Thu, 8 Aug 2024 19:45:30 -0700 Subject: [PATCH] Workaround for generating a SBOM manifest at the root level of the Nuget Package (#656) * Add buildMultiTargeting folder to the Nuget package * Unzip and Zip again for including the SBOM into the Nuget package. * Append GUID to the temporary unzipped folder. --- .../Microsoft.Sbom.Targets.csproj | 1 + .../Microsoft.Sbom.Targets.targets | 44 +++++++++---------- 2 files changed, 21 insertions(+), 24 deletions(-) diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.csproj b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.csproj index be7eabbc..c7202f9b 100644 --- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.csproj +++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.csproj @@ -60,6 +60,7 @@ by convention, the .NET SDK will look for build\.props and build\.targets for automatic inclusion in the build. --> + diff --git a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets index c6700e7f..2caffb5f 100644 --- a/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets +++ b/src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets @@ -20,20 +20,12 @@ _manifest spdx_2.2 - - - - - $(TargetsForTfmSpecificContentInPackage);CopySbomOutput - - false - $(OutDir) $(MSBuildProjectDirectory) $(Authors) $(AssemblyName) @@ -47,12 +39,27 @@ information SPDX:2.2 true + $([System.Guid]::NewGuid()) - + + + + + + + $(PackageOutputPath)\$(PackageId).$(PackageVersion).nupkg + + + $(PackageOutputPath)\$(PackageId).$(PackageVersion).$(UnzipGuid).temp + + + + + - - - - - - $(TargetFramework)$(TargetPlatformVersion) - $(TargetFramework) - - - - - $([System.IO.Path]::Combine($(BuildOutputTargetFolder),$(TargetFrameworkWithPlatformVersion),$(ManifestFolderName),$(SbomSpecification))) - - + + +