X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=shell%2Fsbom-generator.sh;h=9b77dccab464b5a2bfe062757384de9b8f2ac92c;hb=refs%2Ftags%2Fv0.79.1;hp=f3e657b003bed695dbf9143d87f2a5fb1f0f575c;hpb=cc281dac5f29fec045c7332094d55faa98acd924;p=releng%2Fglobal-jjb.git

diff --git a/shell/sbom-generator.sh b/shell/sbom-generator.sh
index f3e657b0..9b77dcca 100644
--- a/shell/sbom-generator.sh
+++ b/shell/sbom-generator.sh
@@ -15,7 +15,7 @@ echo "---> sbom-generator.sh"
 set -eu
 
 # Add mvn executable into PATH
-export PATH=$PATH:${MVN::-4}
+export PATH=${MVN::-4}:$PATH
 SBOM_LOCATION="/tmp/spdx-sbom-generator-${SBOM_GENERATOR_VERSION}-linux-amd64.tar.gz"
 echo "INFO: downloading spdx-sbom-generator version ${SBOM_GENERATOR_VERSION}"
 URL="https://github.com/spdx/spdx-sbom-generator/releases/download/${SBOM_GENERATOR_VERSION}/\
@@ -25,9 +25,14 @@ if ! wget -nv "${URL}" -O "${SBOM_LOCATION}"; then
     echo "wget ${SBOM_GENERATOR_VERSION} failed"
     exit 1;
 fi
-tar -xvf "${SBOM_LOCATION}"
+# Extract SBOM bin in SBOM_PATH
+# This is a workaround until the --path flag works
+# https://github.com/opensbom-generator/spdx-sbom-generator/issues/227
+tar -xzf "${SBOM_LOCATION}" -C ${SBOM_PATH}
 echo "INFO: running spdx-sbom-generator"
-./spdx-sbom-generator "${SBOM_FLAGS:-}" -o "${WORKSPACE}"/m2repo
+cd ${SBOM_PATH}
+./spdx-sbom-generator "${SBOM_FLAGS:-}" -g "$GLOBAL_SETTINGS_FILE" -o "${WORKSPACE}"/archives
+mv "${WORKSPACE}"/archives/bom-Java-Maven.spdx "${WORKSPACE}"/archives/sbom-"${JOB_BASE_NAME}"
 mv spdx-sbom-generator /tmp/
 rm /tmp/spdx*
 echo "---> sbom-generator.sh ends"