From: Andrew Grimberg <agrimberg@linuxfoundation.org>
Date: Tue, 16 Aug 2022 23:10:46 +0000 (+0000)
Subject: Merge "Fix: Update lf-activate-env code comment"
X-Git-Tag: v0.79.4~8
X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=5655c3c31af39982054c778ab5de1f319d131f45;hp=19d9b665527b5bc33f8790b6114e71e608306f6a;p=releng%2Fglobal-jjb.git

Merge "Fix: Update lf-activate-env code comment"
---

diff --git a/releasenotes/notes/sbom-copy-m2repo-afb1452eca4efcc2.yaml b/releasenotes/notes/sbom-copy-m2repo-afb1452eca4efcc2.yaml
new file mode 100644
index 00000000..02ae4588
--- /dev/null
+++ b/releasenotes/notes/sbom-copy-m2repo-afb1452eca4efcc2.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Copy SBOM report to the project's m2repo so that is signed by
+    SIGUL and pushed in the same staging package as the maven
+    artifacts.
diff --git a/shell/sbom-generator.sh b/shell/sbom-generator.sh
index 9b77dcca..913a6391 100644
--- a/shell/sbom-generator.sh
+++ b/shell/sbom-generator.sh
@@ -33,6 +33,7 @@ echo "INFO: running spdx-sbom-generator"
 cd ${SBOM_PATH}
 ./spdx-sbom-generator "${SBOM_FLAGS:-}" -g "$GLOBAL_SETTINGS_FILE" -o "${WORKSPACE}"/archives
 mv "${WORKSPACE}"/archives/bom-Java-Maven.spdx "${WORKSPACE}"/archives/sbom-"${JOB_BASE_NAME}"
+cp "${WORKSPACE}"/archives/sbom-"${JOB_BASE_NAME}" "${WORKSPACE}"/m2repo/sbom-"${JOB_BASE_NAME}"
 mv spdx-sbom-generator /tmp/
 rm /tmp/spdx*
 echo "---> sbom-generator.sh ends"