This repository has been archived by the owner on Dec 18, 2024. It is now read-only.

CycloneDX SBOM for databroker and databroker-cli #756

Closed
26 changes: 17 additions & 9 deletions .github/workflows/kuksa_databroker-cli_build.yml
@@ -62,7 +62,7 @@ jobs:
- name: Building
working-directory: ${{github.workspace}}/kuksa_databroker/
run: |
cargo install cargo-license cross
cargo install cargo-license cross cargo-cyclonedx
./build-all-targets-cli.sh

- name: Docker meta
@@ -81,7 +81,7 @@ jobs:
type=semver,pattern={{major}}

- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
id: buildx
@@ -148,23 +148,31 @@ jobs:
- name: "Archiving RISCV64 artifacts"
uses: actions/upload-artifact@v3
with:
name: databroker--cli-riscv64
name: databroker-cli-riscv64
path: ${{github.workspace}}/dist/riscv64


bom:
name: Bill of Material Check
name: License Compliance Check
runs-on: ubuntu-latest
needs: build-container

steps:
- uses: actions/checkout@v4

- name: "Createbom: License check and Dash output generation"
working-directory: ${{github.workspace}}/kuksa_databroker/createbom
# Follows the pattern from
# https://github.com/eclipse/dash-licenses?tab=readme-ov-file#example-rustcargo
- name: "Using cargo to create Dash input"
working-directory: ${{github.workspace}}/kuksa_databroker/
# target all is not really needed, and will also return i.e. wasm deps, however
# better safe than sorry, the alternative would be running this for each currently
# built target and combining the lists, but that would need adapting, when
# adding targets, or also when i.e. switching between MUSL/glibc. So this is safer
run: |
cargo install cargo-license
python3 createbom.py --dash ${{github.workspace}}/dash-databroker-deps ../databroker
cargo tree -e normal --prefix none --no-dedupe -p databroker-cli --target all --all-features > ${{github.workspace}}/cargodeps
cat ${{github.workspace}}/cargodeps | sort -u \
| grep -v '^[[:space:]]*$' | grep -v kuksa | grep -v databroker \
| sed -E 's|([^ ]+) v([^ ]+).*|crate/cratesio/-/\1/\2|' \
> ${{github.workspace}}/dash-databroker-deps

- name: Dash license check
uses: eclipse-kuksa/kuksa-actions/check-dash@2
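Review bot: In the new "Using cargo to create Dash input" step, `grep -v kuksa | grep -v databroker` match anywhere on the line, so any third-party entry whose name or source suffix contains either string is silently dropped from the list handed to the Dash license check; anchoring on the crate name, e.g. `grep -v '^kuksa' | grep -v '^databroker'`, would limit the filter to the project's own crates (assuming those are the only crates with these prefixes). The `sed` expression also rewrites every remaining entry to `crate/cratesio/-/…`, which would mislabel a git or path dependency as a crates.io one if the tree ever contains such an entry. Unless the workflow sets `defaults.run.shell` outside this view, the `run: |` script executes without `pipefail`, so an empty or truncated `dash-databroker-deps` would not fail the step; `set -o pipefail` as the first script line plus `test -s ${{github.workspace}}/dash-databroker-deps` at the end would make that visible. The same pipeline is added in `.github/workflows/kuksa_databroker_build.yml`.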
25 changes: 16 additions & 9 deletions .github/workflows/kuksa_databroker_build.yml
@@ -88,7 +88,6 @@ jobs:

build-container:
runs-on: ubuntu-latest

needs: check_ghcr_push

steps:
@@ -99,7 +98,7 @@ jobs:
- name: Building
working-directory: ${{github.workspace}}/kuksa_databroker/
run: |
cargo install cargo-license cross
cargo install cargo-license cross cargo-cyclonedx
./build-all-targets.sh

- name: Docker meta
@@ -197,7 +196,7 @@ jobs:
steps:

- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3

- uses: actions/checkout@v4

@@ -223,18 +222,26 @@ jobs:
${{github.workspace}}/kuksa_databroker/integration_test/run.sh

bom:
name: Bill of Material Check
name: License Compliance Check
runs-on: ubuntu-latest
needs: build-container

steps:
- uses: actions/checkout@v4

- name: "Createbom: License check and Dash output generation"
working-directory: ${{github.workspace}}/kuksa_databroker/createbom
# Follows the pattern from
# https://github.com/eclipse/dash-licenses?tab=readme-ov-file#example-rustcargo
- name: "Using cargo to create Dash input"
working-directory: ${{github.workspace}}/kuksa_databroker/
# target all is not really needed, and will also return i.e. wasm deps, however
# better safe than sorry, the alternative would be running this for each currently
# built target and combining the lists, but that would need adapting, when
# adding targets, or also when i.e. switching between MUSL/glibc. So this is safer
run: |
cargo install cargo-license
python3 createbom.py --dash ${{github.workspace}}/dash-databroker-deps ../databroker
cargo tree -e normal --prefix none --no-dedupe -p databroker --target all --all-features > ${{github.workspace}}/cargodeps
cat ${{github.workspace}}/cargodeps | sort -u \
| grep -v '^[[:space:]]*$' | grep -v kuksa | grep -v databroker \
| sed -E 's|([^ ]+) v([^ ]+).*|crate/cratesio/-/\1/\2|' \
> ${{github.workspace}}/dash-databroker-deps

- name: Dash license check
uses: eclipse-kuksa/kuksa-actions/check-dash@2
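Review bot: `cargo install cargo-license cross cargo-cyclonedx` in the Building step installs whatever versions crates.io serves at run time, and without `--locked` it also re-resolves each tool's own dependencies, so the tool that generates the SBOM is itself unpinned and not reproducible. Pinning each tool and honouring its lockfile, e.g. `cargo install --locked cargo-cyclonedx@<PINNED_VERSION>`, keeps the build and SBOM toolchain fixed between runs; the same line is added in `.github/workflows/kuksa_databroker-cli_build.yml`. In the same spirit, `docker/setup-qemu-action@v3` is a mutable tag, and referencing the action by full commit SHA would prevent a retagged release from changing what runs in this job.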