SBOM: Ensure 'java-version' is persisted to post-run phase #151

Merged
merged 1 commit into from
Mar 3, 2025
5 changes: 5 additions & 0 deletions __tests__/sbom.test.ts
Expand Up @@ -145,6 +145,7 @@ describe('sbom feature', () => {
writeFileSync(sbomPath, JSON.stringify(sbom, null, 2))

mockFindSBOM([sbomPath])
jest.spyOn(core, 'getState').mockReturnValue(javaVersion)

await processSBOM()
}
Expand Down Expand Up @@ -190,6 +191,10 @@ describe('sbom feature', () => {
]
}

it('should throw an error if setUpSBOMSupport was not called before processSBOM', async () => {
await expect(processSBOM()).rejects.toThrow('setUpSBOMSupport must be called before processSBOM')
})

it('should process SBOM and display components', async () => {
await setUpAndProcessSBOM(sampleSBOM)

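Review bot: The `jest.spyOn(core, 'getState').mockReturnValue(javaVersion)` added to `setUpAndProcessSBOM` is not restored anywhere in the visible lines, so the new "should throw an error if setUpSBOMSupport was not called before processSBOM" case appears to pass only while it runs before any test that uses the helper, unless a `beforeEach`/`afterEach` outside this hunk resets mocks. Making the negative test self-contained, for example with `jest.spyOn(core, 'getState').mockReturnValue('')` as its first line, removes that order dependence. The helper and the `describe` block both start outside the hunks shown here.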
29 changes: 15 additions & 14 deletions dist/cleanup/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

29 changes: 15 additions & 14 deletions dist/main/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 15 additions & 15 deletions src/features/sbom.ts
Expand Up @@ -10,8 +10,7 @@ import { setNativeImageOption } from '../utils'
const INPUT_NI_SBOM = 'native-image-enable-sbom'
const SBOM_FILE_SUFFIX = '.sbom.json'
const MIN_JAVA_VERSION = '24.0.0'

let javaVersionOrLatestEA: string | null = null
const javaVersionKey = 'javaVersionKey'

interface SBOM {
components: Component[]
Expand Down Expand Up @@ -67,36 +66,36 @@ interface DependencySnapshot {
>
}

export function setUpSBOMSupport(javaVersionOrDev: string, distribution: string): void {
export function setUpSBOMSupport(javaVersion: string, distribution: string): void {
if (!isFeatureEnabled()) {
return
}

validateJavaVersionAndDistribution(javaVersionOrDev, distribution)
javaVersionOrLatestEA = javaVersionOrDev
setNativeImageOption(javaVersionOrLatestEA, '--enable-sbom=export')
validateJavaVersionAndDistribution(javaVersion, distribution)
core.saveState(javaVersionKey, javaVersion)
setNativeImageOption(javaVersion, '--enable-sbom=export')
core.info('Enabled SBOM generation for Native Image build')
}

function validateJavaVersionAndDistribution(javaVersionOrDev: string, distribution: string): void {
function validateJavaVersionAndDistribution(javaVersion: string, distribution: string): void {
if (distribution !== c.DISTRIBUTION_GRAALVM) {
throw new Error(
`The '${INPUT_NI_SBOM}' option is only supported for Oracle GraalVM (distribution '${c.DISTRIBUTION_GRAALVM}'), but found distribution '${distribution}'.`
)
}

if (javaVersionOrDev === 'dev') {
if (javaVersion === 'dev') {
throw new Error(`The '${INPUT_NI_SBOM}' option is not supported for java-version 'dev'.`)
}

if (javaVersionOrDev === 'latest-ea') {
if (javaVersion === 'latest-ea') {
return
}

const coercedJavaVersion = semver.coerce(javaVersionOrDev)
const coercedJavaVersion = semver.coerce(javaVersion)
if (!coercedJavaVersion || semver.gt(MIN_JAVA_VERSION, coercedJavaVersion)) {
throw new Error(
`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersionOrDev}'.`
`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersion}'.`
)
}
}
Expand All @@ -106,7 +105,8 @@ export async function processSBOM(): Promise<void> {
return
}

if (javaVersionOrLatestEA === null) {
const javaVersion = core.getState(javaVersionKey)
if (!javaVersion) {
throw new Error('setUpSBOMSupport must be called before processSBOM')
}

Expand All @@ -116,7 +116,7 @@ export async function processSBOM(): Promise<void> {
const sbomData = parseSBOM(sbomContent)
const components = mapToComponentsWithDependencies(sbomData)
printSBOMContent(components)
const snapshot = convertSBOMToSnapshot(sbomPath, components)
const snapshot = convertSBOMToSnapshot(javaVersion, sbomPath, components)
await submitDependencySnapshot(snapshot)
} catch (error) {
throw new Error(
Expand Down Expand Up @@ -184,7 +184,7 @@ function printSBOMContent(components: Component[]): void {
core.info('==================')
}

function convertSBOMToSnapshot(sbomPath: string, components: Component[]): DependencySnapshot {
function convertSBOMToSnapshot(javaVersion: string, sbomPath: string, components: Component[]): DependencySnapshot {
const context = github.context
const sbomFileName = basename(sbomPath)

Expand All @@ -203,7 +203,7 @@ function convertSBOMToSnapshot(sbomPath: string, components: Component[]): Depen
},
detector: {
name: 'Oracle GraalVM',
version: javaVersionOrLatestEA ?? '',
version: javaVersion,
url: 'https://www.graalvm.org/'
},
scanned: new Date().toISOString(),
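Review bot: In `processSBOM`, the `!javaVersion` check fires whenever the saved state is empty, which covers more than the "setUpSBOMSupport must be called" case its message names. `core.saveState(javaVersionKey, javaVersion)` runs only after `validateJavaVersionAndDistribution` succeeds, so a rejected java-version or distribution would leave no state and, if the later phase still calls `processSBOM`, surface a second, misleading error. A message such as `'No saved java-version state; setUpSBOMSupport did not complete'` would describe both cases (the new test in `__tests__/sbom.test.ts` pins the current text and would need the same change). The new constant would also read better as `const JAVA_VERSION_STATE_KEY = 'sbomJavaVersion'`, matching `INPUT_NI_SBOM` and `MIN_JAVA_VERSION`, with a comment saying the value is handed between phases through action state and read back as a plain string. `processSBOM` and `convertSBOMToSnapshot` continue outside the visible hunks.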