Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(RELEASE-1214): add support for spdx sbom format #307

Merged
merged 1 commit into from
Nov 12, 2024
Merged

feat(RELEASE-1214): add support for spdx sbom format #307

merged 1 commit into from
Nov 12, 2024

Conversation

mmalina
Copy link
Contributor

@mmalina mmalina commented Nov 11, 2024

Build team is moving from cyclonedx to spdx sbom format. To support both formats until the transition is over:

  • The original upload_rpm_data was copied as upload_rpm_data_cyclonedx to preserve the original behavior for now
  • upload_rpm_data was modified to work with spdx format

@mmalina mmalina force-pushed the spdx-support branch 2 times, most recently from 87095a9 to 7249247 Compare November 11, 2024 14:21
@mmalina mmalina marked this pull request as ready for review November 11, 2024 14:23
@mmalina mmalina requested a review from a team as a code owner November 11, 2024 14:23
@johnbieren
Copy link
Collaborator

So for the review, upload_rpm_data_cyclonedx.py and test_upload_rpm_data_cyclonedx.py are just copies and do not need review?
So then as part of this ticket, the tekton task will be switched to use upload_rpm_data_cyclonedx and once the transition is over the task will be modified to use upload_rpm_data and then the *_cyclonedx` files can be removed here? Do I have that right?

@mmalina mmalina mentioned this pull request Nov 12, 2024
Merged
@mmalina
Copy link
Contributor Author

mmalina commented Nov 12, 2024

So for the review, upload_rpm_data_cyclonedx.py and test_upload_rpm_data_cyclonedx.py are just copies and do not need review?

Correct.

So then as part of this ticket, the tekton task will be switched to use upload_rpm_data_cyclonedx and once the transition is over the task will be modified to use upload_rpm_data and then the *_cyclonedx` files can be removed here? Do I have that right?

Yeah, for now we will run one of the scripts depending on the sbom type: https://github.com/konflux-ci/release-service-catalog/pull/685/files

And eventually we will remove the upload_rpm_data_cyclonedx.py script and the logic in the task and support just spdx.

johnbieren
johnbieren reviewed Nov 12, 2024
View reviewed changes
Copy link
Collaborator

@johnbieren johnbieren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm otherwise

pyxis/test_upload_rpm_data.py Outdated Show resolved Hide resolved
@mmalina mmalina force-pushed the spdx-support branch 2 times, most recently from f67c7d5 to 5f39100 Compare November 12, 2024 13:05
johnbieren
johnbieren previously approved these changes Nov 12, 2024
View reviewed changes
@mmalina
feat(RELEASE-1214): add support for spdx sbom format
55f2029 
Build team is moving from cyclonedx to spdx sbom format.
To support both formats until the transition is over:
* The original upload_rpm_data was copied as
  upload_rpm_data_cyclonedx to preserve the original
  behavior for now
* upload_rpm_data was modified to work with spdx format

Signed-off-by: Martin Malina <[email protected]>
@mmalina mmalina merged commit 47a7016 into konflux-ci:main Nov 12, 2024
3 checks passed
@mmalina mmalina deleted the spdx-support branch November 12, 2024 13:15
@mmalina mmalina mentioned this pull request Nov 13, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johnbieren johnbieren johnbieren approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mmalina @johnbieren