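#!/bin/bash
# SPDX-License-Identifier: EPL-1.0
##############################################################################
# Copyright (c) 2022 The Linux Foundation and others.
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Eclipse Public License v1.0
# which accompanies this distribution, and is available at
# http://www.eclipse.org/legal/epl-v10.html
##############################################################################
echo "---> sbom-generator.sh"
# Downloads the requested spdx-sbom-generator release, runs it from SBOM_PATH
# and, for Maven jobs, renames the SPDX file and copies it into the local m2repo.
#
# Environment read by this script:
#   MVN                     path to the mvn executable (its directory goes on PATH)
#   SBOM_GENERATOR_VERSION  release tag to download
#   SBOM_PATH               directory the binary is unpacked into and run from
#   SBOM_FLAGS              optional extra flags, split on whitespace
#   SBOM_GENERATOR_SHA256   optional, introduced together with the integrity
#                           check below: expected SHA-256 of the release archive
#   GLOBAL_SETTINGS_FILE, SETTINGS_FILE, WORKSPACE, JOB_NAME, PROJECT

# stop on error, unbound variable or a failed pipeline stage
set -euo pipefail

# Add the directory holding the mvn executable to PATH.
# MVN is expected to be a full path such as <dir>/mvn.
export PATH="${MVN%/*}:${PATH}"

# Resolve SBOM_PATH once so later steps do not depend on the current directory.
: "${SBOM_PATH:?SBOM_PATH must be set to the directory to scan}"
sbom_dir=$(cd -- "${SBOM_PATH}" && pwd)

# Download into a private directory instead of a predictable name in /tmp:
# on a shared build agent another user could pre-create or symlink that name.
sbom_tmp_dir=$(mktemp -d)
sbom_bin=""
cleanup() {
    rm -rf -- "${sbom_tmp_dir}"
    # Only remove the binary once this run has unpacked it.
    if [[ -n "${sbom_bin}" ]]; then
        rm -f -- "${sbom_bin}"
    fi
}
# Runs on every exit path, so a failed run leaves nothing behind either.
trap cleanup EXIT

SBOM_LOCATION="${sbom_tmp_dir}/spdx-sbom-generator-${SBOM_GENERATOR_VERSION}-linux-amd64.tar.gz"
echo "INFO: downloading spdx-sbom-generator version ${SBOM_GENERATOR_VERSION}"
URL="https://github.com/spdx/spdx-sbom-generator/releases/download/${SBOM_GENERATOR_VERSION}/\
spdx-sbom-generator-${SBOM_GENERATOR_VERSION}-linux-amd64.tar.gz"
# Exit if wget fails
if ! wget -nv "${URL}" -O "${SBOM_LOCATION}"; then
    echo "wget ${SBOM_GENERATOR_VERSION} failed" >&2
    exit 1
fi

# The archive is executed below, so pin it to a known digest when one is given.
# Without SBOM_GENERATOR_SHA256 the only protection is the TLS connection.
if [[ -n "${SBOM_GENERATOR_SHA256:-}" ]]; then
    echo "INFO: verifying SHA-256 of ${SBOM_LOCATION}"
    printf '%s  %s\n' "${SBOM_GENERATOR_SHA256}" "${SBOM_LOCATION}" | sha256sum -c -
else
    echo "WARN: SBOM_GENERATOR_SHA256 not set; archive integrity is not verified" >&2
fi

# Extract SBOM bin in SBOM_PATH
# This is a workaround until the --path flag works
# https://github.com/opensbom-generator/spdx-sbom-generator/issues/227
sbom_bin="${sbom_dir}/spdx-sbom-generator"
tar -xzf "${SBOM_LOCATION}" -C "${sbom_dir}"
echo "INFO: running spdx-sbom-generator"
cd -- "${sbom_dir}"

# Split SBOM_FLAGS into separate arguments. A quoted "${SBOM_FLAGS:-}" would
# pass all flags as one argument, and an empty argument when it is unset.
# Splitting is on whitespace only; quotes inside the value are not interpreted.
sbom_flags=()
if [[ -n "${SBOM_FLAGS:-}" ]]; then
    read -r -a sbom_flags <<< "${SBOM_FLAGS}"
fi
# The ${arr[@]+...} form keeps an empty array from tripping 'set -u' on older bash.
./spdx-sbom-generator ${sbom_flags[@]+"${sbom_flags[@]}"} \
    -g "${GLOBAL_SETTINGS_FILE}" -o "${WORKSPACE}/archives"

# Maven artifacts
if [[ "${JOB_NAME}" == *maven* ]]; then
    # NOTE(review): groupId and version come from the project's POM and are used
    # as path components below; confirm the POM is trusted for this job.
    mvn_group_id=$("${MVN}" help:evaluate -Dexpression=project.groupId -q -DforceStdout \
                    -s "${SETTINGS_FILE}" -gs "${GLOBAL_SETTINGS_FILE}")
    group_id_path="${mvn_group_id//.//}"
    release_version=$("${MVN}" help:evaluate -Dexpression=project.version -q -DforceStdout \
                      -s "${SETTINGS_FILE}" -gs "${GLOBAL_SETTINGS_FILE}")

    sbom_name="${PROJECT##*/}-sbom-${release_version}.spdx"
    mv -- "${WORKSPACE}/archives/bom-Java-Maven.spdx" \
        "${WORKSPACE}/archives/${sbom_name}"
    cp -- "${WORKSPACE}/archives/${sbom_name}" \
        "${WORKSPACE}/m2repo/${group_id_path}/${sbom_name}"
fi

# The downloaded archive and the unpacked binary are removed by the EXIT trap.
echo "---> sbom-generator.sh ends"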