X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=shell%2Fsbom-generator.sh;h=c63efd6801a619e3a945557bbc749d006e1fd123;hb=bc75e147545672639c0dfa25e61bff0e2d7166a5;hp=8b1fd3570d3c9d9e1e5674e42d51bfdd95109a83;hpb=c204c1369403f888551808a27e9408cad60b70f8;p=releng%2Fglobal-jjb.git

diff --git a/shell/sbom-generator.sh b/shell/sbom-generator.sh
index 8b1fd357..c63efd68 100644
--- a/shell/sbom-generator.sh
+++ b/shell/sbom-generator.sh
@@ -15,7 +15,7 @@ echo "---> sbom-generator.sh"
 set -eu
 
 # Add mvn executable into PATH
-export PATH=$PATH:${MVN::-4}
+export PATH=${MVN::-4}:$PATH
 SBOM_LOCATION="/tmp/spdx-sbom-generator-${SBOM_GENERATOR_VERSION}-linux-amd64.tar.gz"
 echo "INFO: downloading spdx-sbom-generator version ${SBOM_GENERATOR_VERSION}"
 URL="https://github.com/spdx/spdx-sbom-generator/releases/download/${SBOM_GENERATOR_VERSION}/\
@@ -31,7 +31,22 @@ fi
 tar -xzf "${SBOM_LOCATION}" -C ${SBOM_PATH}
 echo "INFO: running spdx-sbom-generator"
 cd ${SBOM_PATH}
-./spdx-sbom-generator "${SBOM_FLAGS:-}" -o "${WORKSPACE}"/m2repo
+./spdx-sbom-generator "${SBOM_FLAGS:-}" -g "$GLOBAL_SETTINGS_FILE" -o "${WORKSPACE}"/archives
+
+# Maven artifacts
+if [[ "$JOB_NAME" =~ "maven" ]]; then
+    mvn_group_id=$("$MVN" help:evaluate -Dexpression=project.groupId -q -DforceStdout \
+                    -s "$SETTINGS_FILE" -gs "$GLOBAL_SETTINGS_FILE")
+    group_id_path="${mvn_group_id//.//}"
+    release_version=$("$MVN" help:evaluate -Dexpression=project.version -q -DforceStdout \
+                      -s "$SETTINGS_FILE" -gs "$GLOBAL_SETTINGS_FILE")
+
+    mv "${WORKSPACE}/archives/bom-Java-Maven.spdx" \
+        "${WORKSPACE}/archives/${PROJECT##*/}-sbom-${release_version}.spdx"
+    cp "${WORKSPACE}/archives/${PROJECT##*/}-sbom-${release_version}.spdx" \
+        "${WORKSPACE}/m2repo/${group_id_path}/${PROJECT##*/}-sbom-${release_version}.spdx"
+fi
+
 mv spdx-sbom-generator /tmp/
 rm /tmp/spdx*
 echo "---> sbom-generator.sh ends"