build: Publish SBOMs

kordamp · Jun 3, 2024 · 9499c6e · 9499c6e
1 parent 792af9a
commit 9499c6e
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 19 deletions.
diff --git a/build.gradle b/build.gradle
@@ -106,27 +106,51 @@ allprojects {
     repositories {
         mavenLocal()
     }
+
+    tasks.withType(GenerateModuleMetadata) {
+        enabled = false
+    }
+
+    tasks.withType(JavaCompile) {
+        options.encoding = 'UTF-8'
+    }
 }
 
-idea {
-    project {
-        jdkName sourceCompatibility
-        languageLevel sourceCompatibility
+profiles {
+    profile('sbom') {
+        activation {
+            property {
+                key   = 'sbom'
+                value = true
+            }
+        }
+        action {
+            println 'SBOM generation is turned ON'
+
+            gradleProjects {
+                subprojects {
+                    dirs(['subprojects']) {
+                        cyclonedxBom {
+                            includeConfigs = ['runtimeClasspath']
+                            projectType = 'library'
+                            outputName = "${project.name}-${project.version}-cyclonedx".toString()
+                            destination = file('build/reports/cyclonedx')
+                            includeLicenseText = false
+                        }
 
-        ipr {
-            withXml { provider ->
-                def node = provider.asNode()
-                node.component.find { it.'@name' == 'VcsDirectoryMappings' }?.mapping[0].'@vcs' = 'Git'
+                        publishing {
+                            publications {
+                                main(MavenPublication) {
+                                    artifact classifier: 'cyclonedx', source: new File(cyclonedxBom.destination.get(), cyclonedxBom.outputName.get() + '.xml')
+                                    artifact classifier: 'cyclonedx', source: new File(cyclonedxBom.destination.get(), cyclonedxBom.outputName.get() + '.json')
+                                }
+                            }
+                        }
 
-                def compilerConfiguration = node.component.find { it.'@name' == 'CompilerConfiguration' }
-                compilerConfiguration.remove(compilerConfiguration.annotationProcessing)
-                compilerConfiguration.append(new XmlParser().parseText("""
-    <annotationProcessing>
-      <profile default="true" name="Default" enabled="true">
-        <processorPath useClasspath="true" />
-      </profile>
-    </annotationProcessing>"""))
+                        project.generatePomFileForMainPublication.dependsOn(cyclonedxBom)
+                    }
+                }
             }
         }
     }
-}
+}
diff --git a/gradle.properties b/gradle.properties
@@ -20,8 +20,6 @@ group                      = org.kordamp.json
 sourceCompatibility        = 1.8
 targetCompatibility        = 1.8
 
-previousVersion            = 3.0.1
-
 commonsLangVersion         = 3.9
 commonsBeanutilsVersion    = 1.9.3
 commonsCollections4Version = 4.4
@@ -36,6 +34,7 @@ xomVersion                 = 1.3.8
 kordampPluginVersion       = 0.54.0
 kordampBuildVersion        = 3.4.0
 gitPluginVersion           = 3.0.0
+cyclonedxPluginVersion     = 1.8.2
 
 org.gradle.daemon          = true
 org.gradle.caching         = true

diff --git a/settings.gradle b/settings.gradle
@@ -35,6 +35,7 @@ buildscript {
     }
     dependencies {
         classpath "org.kordamp.gradle:kordamp-parentbuild:$kordampBuildVersion"
+        classpath "org.cyclonedx:cyclonedx-gradle-plugin:$cyclonedxPluginVersion"
     }
 }
 apply plugin: 'org.kordamp.gradle.kordamp-parentbuild'
@@ -53,6 +54,7 @@ projects {
         }
         dirs(['subprojects']) {
             id 'java-library'
+            id 'org.cyclonedx.bom'
         }
     }
 }