X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=shell%2Fsbom-generator.sh;h=2ffca2846ad2d48540c9f8700902665b18bf4beb;hb=9268e4ab2c79a5605c59865ac5dd96231de75518;hp=913a639140843337793b36410adab7559243e9c4;hpb=a09b8bab2c37f67f0f5e9ef36f9e93b330fdd571;p=releng%2Fglobal-jjb.git

diff --git a/shell/sbom-generator.sh b/shell/sbom-generator.sh
index 913a6391..2ffca284 100644
--- a/shell/sbom-generator.sh
+++ b/shell/sbom-generator.sh
@@ -28,12 +28,27 @@ fi
 # Extract SBOM bin in SBOM_PATH
 # This is a workaround until the --path flag works
 # https://github.com/opensbom-generator/spdx-sbom-generator/issues/227
+# shellcheck disable=SC2086
 tar -xzf "${SBOM_LOCATION}" -C ${SBOM_PATH}
 echo "INFO: running spdx-sbom-generator"
+# shellcheck disable=SC2086
 cd ${SBOM_PATH}
 ./spdx-sbom-generator "${SBOM_FLAGS:-}" -g "$GLOBAL_SETTINGS_FILE" -o "${WORKSPACE}"/archives
-mv "${WORKSPACE}"/archives/bom-Java-Maven.spdx "${WORKSPACE}"/archives/sbom-"${JOB_BASE_NAME}"
-cp "${WORKSPACE}"/archives/sbom-"${JOB_BASE_NAME}" "${WORKSPACE}"/m2repo/sbom-"${JOB_BASE_NAME}"
+
+# Maven artifacts
+if [[ "$JOB_NAME" =~ "maven" ]]; then
+    mvn_group_id=$("$MVN" help:evaluate -Dexpression=project.groupId -q -DforceStdout \
+                    -s "$SETTINGS_FILE" -gs "$GLOBAL_SETTINGS_FILE")
+    group_id_path="${mvn_group_id//.//}"
+    release_version=$("$MVN" help:evaluate -Dexpression=project.version -q -DforceStdout \
+                      -s "$SETTINGS_FILE" -gs "$GLOBAL_SETTINGS_FILE")
+
+    mv "${WORKSPACE}/archives/bom-Java-Maven.spdx" \
+        "${WORKSPACE}/archives/${PROJECT##*/}-sbom-${release_version}.spdx"
+    cp "${WORKSPACE}/archives/${PROJECT##*/}-sbom-${release_version}.spdx" \
+        "${WORKSPACE}/m2repo/${group_id_path}/${PROJECT##*/}-sbom-${release_version}.spdx"
+fi
+
 mv spdx-sbom-generator /tmp/
 rm /tmp/spdx*
 echo "---> sbom-generator.sh ends"