This repository has been archived by the owner on Jul 20, 2023. It is now read-only.

replace cyclonedx-cli with ruby gem
Kagemaru committed Dec 22, 2022
1 parent 391b242 commit f43035d
Showing 2 changed files with 52 additions and 31 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/reusable-build.yaml
Expand Up @@ -42,5 +42,8 @@ jobs:
push: true
tags: ${{ env.DECIDIM_IMAGE_REPO }}:latest
build-args: |
GITHUB_SHA=$GITHUB_SHA
GITHUB_REPOSITORY=$GITHUB_REPOSITORY
GITHUB_REF_NAME=$GITHUB_REF_NAME
PUZZLE_DEP_TRACK_URL=${{ secrets.PUZZLE_DEP_TRACK_URL }}
PUZZLE_DEP_TRACK_TOKEN=${{ secrets.PUZZLE_DEP_TRACK_TOKEN }}
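Review bot: The three added `build-args` entries use shell-style `$GITHUB_SHA`, `$GITHUB_REPOSITORY` and `$GITHUB_REF_NAME`, while the neighbouring entries use `${{ … }}` expressions. The step header is outside the hunk, but if this block is a `with:` input to a build action rather than a `run:` script, no shell expands these, so the build would receive the literal strings. The SBOM upload would then report `$GITHUB_REPOSITORY` and `$GITHUB_SHA` as project name and version, and the image's `BUILD_*` variables would carry the same placeholders. Use the expression contexts instead: `GITHUB_SHA=${{ github.sha }}`, `GITHUB_REPOSITORY=${{ github.repository }}`, `GITHUB_REF_NAME=${{ github.ref_name }}`.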
80 changes: 49 additions & 31 deletions Dockerfile
Expand Up @@ -41,9 +41,9 @@ ARG SKIP_MEMCACHE_CHECK="true"
ARG GITHUB_SHA
ARG GITHUB_REPOSITORY
ARG GITHUB_REF_NAME
ARG BUILD_COMMIT="$GITHUB_SHA"
ARG BUILD_REPO="$GITHUB_REPOSITORY"
ARG BUILD_REF="$GITHUB_REF_NAME"
# ARG BUILD_COMMIT="$GITHUB_SHA"
# ARG BUILD_REPO="$GITHUB_REPOSITORY"
# ARG BUILD_REF="$GITHUB_REF_NAME"

# # Gitlab specific
# ARG CI_COMMIT_SHA
Expand Down Expand Up @@ -82,8 +82,9 @@ ARG BUILD_SCRIPT
ARG POST_BUILD_SCRIPT

# arguments potentially used by steps
ARG BUILD_COMMIT
ARG BUILD_REPO
ARG GITHUB_SHA
ARG GITHUB_REPOSITORY
ARG GITHUB_REF_NAME
ARG CUSTOMIZATION_OUTPUT
ARG CYCLONEDX_CLI_VERSION
ARG NODE_ENV
Expand Down Expand Up @@ -141,29 +142,46 @@ RUN rm -rf vendor/cache/ .git spec/ node_modules/
# Send SBOM to Dependency Tracker
RUN bash -vxc "\
if [[ -n \"${PUZZLE_DEP_TRACK_TOKEN}\" ]]; then \
curl \
-L \
-o /tmp/cyclonedx-cli \
'https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${CYCLONEDX_CLI_VERSION}/cyclonedx-linux-x64' \
&& chmod a+x /tmp/cyclonedx-cli \
&& /tmp/cyclonedx-cli \
add files \
--no-input \
--base-path /app-src \
--output-file /app-src/sbom.json \
--output-format json \
gem install cyclonedx-ruby \
&& cyclonedx-ruby -v -p /app-src/ -o /app-src/sbom.xml \
&& curl \
-X 'POST' \
-i \
-H 'Content-Type: multipart/form-data' \
-H 'X-Api-Key: ${PUZZLE_DEP_TRACK_TOKEN}' \
-F 'autoCreate=true' \
-F 'projectName=${BUILD_REPO}' \
-F 'projectVersion=${BUILD_COMMIT}' \
-F 'bom=@/app-src/sbom.json' \
'${PUZZLE_DEP_TRACK_URL}'; \
-X 'POST' \
-i \
-H 'Content-Type: multipart/form-data' \
-H 'X-Api-Key: ${PUZZLE_DEP_TRACK_TOKEN}' \
-F 'autoCreate=true' \
-F 'projectName=${GITHUB_REPOSITORY}' \
-F 'projectVersion=${GITHUB_SHA}' \
-F 'bom=@/app-src/sbom.xml' \
'${PUZZLE_DEP_TRACK_URL}'; \
fi"

# Using cyclonedx-ruby
# RUN bash -vxc "\
# if [[ -n \"${PUZZLE_DEP_TRACK_TOKEN}\" ]]; then \
# curl \
# -L \
# -o /tmp/cyclonedx-cli \
# 'https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${CYCLONEDX_CLI_VERSION}/cyclonedx-linux-x64' \
# && chmod a+x /tmp/cyclonedx-cli \
# && /tmp/cyclonedx-cli \
# add files \
# --no-input \
# --base-path /app-src \
# --output-file /app-src/sbom.json \
# --output-format json \
# && curl \
# -X 'POST' \
# -i \
# -H 'Content-Type: multipart/form-data' \
# -H 'X-Api-Key: ${PUZZLE_DEP_TRACK_TOKEN}' \
# -F 'autoCreate=true' \
# -F 'projectName=${GITHUB_REPOSITORY}' \
# -F 'projectVersion=${GITHUB_SHA}' \
# -F 'bom=@/app-src/sbom.json' \
# '${PUZZLE_DEP_TRACK_URL}'; \
# fi"

##################################################################
# Run Stage #
##################################################################
Expand All @@ -190,17 +208,17 @@ ARG RAILS_ENV
# data persisted in the image
ARG PS1
ARG TZ
ARG BUILD_COMMIT
ARG BUILD_REPO
ARG BUILD_REF
ARG GITHUB_SHA
ARG GITHUB_REPOSITORY
ARG GITHUB_REF_NAME
ARG LD_PRELOAD

# Runtime ENV Vars
ENV PS1="${PS1}" \
TZ="${TZ}" \
BUILD_REPO="${BUILD_REPO}" \
BUILD_REF="${BUILD_REF}" \
BUILD_COMMIT="${BUILD_COMMIT}" \
BUILD_REPO="${GITHUB_REPOSITORY}" \
BUILD_REF="${GITHUB_REF_NAME}" \
BUILD_COMMIT="${GITHUB_SHA}" \
NODE_ENV="${NODE_ENV}" \
RAILS_ENV="${RAILS_ENV}" \
RACK_ENV="${RACK_ENV}" \
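Review bot: The new SBOM step runs `gem install cyclonedx-ruby` with no version, so each build fetches and executes whatever release is current. It does so inside the same `RUN` that holds the Dependency-Track API key. The removed code pinned its tool through `CYCLONEDX_CLI_VERSION`, which is now only referenced in the commented-out block. Pin the gem the same way, for example `gem install cyclonedx-ruby -v "${CYCLONEDX_RUBY_VERSION}" --no-document`, where `CYCLONEDX_RUBY_VERSION` is a placeholder for a new `ARG`. The token is also passed as a build `ARG` and expanded into the `bash -vxc` command line, so it is echoed in the build output and likely recorded in the build stage's history. A BuildKit `--mount=type=secret` on this `RUN`, with the key read from the mounted file, would keep it out of both. Adding `--fail` to the upload `curl` would make a rejected upload fail the build instead of passing silently.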