move buildCyclonedxLib to Build the CycloneDX Java library and app used for SBoM generation from build.sh to sbom.sh #3209
Conversation
…ed for SBoM generation from build.sh to sbom.sh
|
Thank you for creating a pull request! |
|
@julian55455 you'll need to sign the Eclipse CLA? |
|
@julian55455 - Also linter and tests fail |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
A block has been put on this Pull Request as this repository is temporarily under a code freeze due to an ongoing release cycle.
If this pull request needs to be merged during the release cycle then please comment /merge and a PMC member will be able to remove the block.
If the code freeze is over you can remove this block by commenting /thaw.
|
you might need to do a rebase first |
|
will merge it once code frozen is uplifted |
|
@julian55455 need to resolve conflicts first ^ |
|
/thaw |
github-actions
bot
dismissed
their stale review
Pull Request unblocked - code freeze is over.
|
@zdtsw are these build failures related to the changes made in this PR? |
dont think so, but since both mac failed, i will run one of them and see if it was glitch or not |
|
Ah of course the github action does not use --create-sbom... |
sbin/build.sh
Outdated
| @@ -968,17 +946,17 @@ cleanAndMoveArchiveFiles() { | |||
|
|
|||
| echo "Currently at '${PWD}'" | |||
|
|
|||
| local jdkPath=$(ls -d ${BUILD_CONFIG[JDK_PATH]}) | |||
| local jdkPath=$(ls -d "${BUILD_CONFIG[JDK_PATH]}") | |||
There was a problem hiding this comment.
This line needs the quotes removing as it relies on glob expansion.
Please can you undo the other " changes above as well
|
lets try get this pass test first and merge it, leave the "linter" to issue adoptium/ci-jenkins-pipelines#428 to fix |
think the reason is, we wanna only enable sbom related part from ci-jenkins-pipeline, and decouple from temurin-build. if we want sbom be in the GH check here, we later will also need to add more logic for the signing keys, can be a bit complicated. |
|
@julian55455 For the linter error: Try doing a new commit with: You may need to do an arbitrary change in each file to make a commit. |
| # Check if JDK-17 is available, download it if it isn't | ||
| if [ ! -d "${javaHome}" ]; then | ||
| # Download JDK-17 | ||
| apiUrlTemplate="https://api.adoptium.net/v3/binary/latest/\${JDK_BOOT_VERSION}/\${releaseType}/linux/\${downloadArch}/jdk/hotspot/normal/\${vendor}" |
There was a problem hiding this comment.
You don't need these 2 lines:
apiUrlTemplate=...
apiURL=$(eval echo ${apiUrlTemplate})
| # Download JDK-17 | ||
| apiUrlTemplate="https://api.adoptium.net/v3/binary/latest/\${JDK_BOOT_VERSION}/\${releaseType}/linux/\${downloadArch}/jdk/hotspot/normal/\${vendor}" | ||
| apiURL=$(eval echo ${apiUrlTemplate}) | ||
| JDK_BOOT_VERSION="17" |
There was a problem hiding this comment.
Make all these "local" variables
| buildCyclonedxLib() { | ||
| local javaHome="${1}" | ||
|
|
||
| # Check if JDK-17 is available, download it if it isn't |
There was a problem hiding this comment.
Move this boot jdk logic to
Line 688 in 18f343c
There was a problem hiding this comment.
agree, i was about to say the logic should be in setupAntEnv()
| downloadArch="x64" | ||
| vendor="adoptium" | ||
| apiURL="https://api.adoptium.net/v3/binary/latest/${JDK_BOOT_VERSION}/${releaseType}/linux/${downloadArch}/jdk/hotspot/normal/${vendor}" | ||
| echo "Downloading GA release of boot JDK version ${JDK_BOOT_VERSION} from ${apiURL}" |
There was a problem hiding this comment.
You are missing the actual download..
curl -L "${apiURL}" | tar xpzf - --strip-components=1 -C "$jdkDir"
Set jdkDir variable to be "${CYCLONEDB_DIR}/jdk"
Also add that folder to https://github.com/adoptium/temurin-build/blob/master/.gitignore
There was a problem hiding this comment.
Then set javaHome in setupAntEnv()
sbin/common/sbom.sh
Outdated
| @@ -2,6 +2,9 @@ | |||
| # Build the CycloneDX Java library and app used for SBoM generation | |||
| buildCyclonedxLib() { | |||
| local javaHome="${1}" | |||
| # Download jdk-19 if JAVA_HOME is not set or is older than jdk-19 | |||
| if [[ -z "${JAVA_HOME}" ]] || [[ "$(${JAVA_HOME}/bin/java -version 2>&1 | awk -F '"' '/version/ {print $2}')" < "1.9" ]]; then | |||
| buildCyclonedxLib() { | ||
| local javaHome="${1}" | ||
|
|
||
| # Check if JDK-17 is available, download it if it isn't |
There was a problem hiding this comment.
agree, i was about to say the logic should be in setupAntEnv()
|
fixed in this pr #3243 |
move buildCyclonedxLib to Build the CycloneDX Java library and app used for SBoM generation from build.sh to sbom.sh
Ref: #3158