
Commit 72747d6

[CDRIVER-5535] Add an +sbom-download target for getting the augmented SBOM (#1629)
1 parent 56e54a7 commit 72747d6


1 file changed

+27
-3
lines changed


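--- a/Earthfile
+++ b/Earthfile
@@ -171,15 +171,19 @@ multibuild:
 --c_compiler=gcc --c_compiler=clang \
 --test_mongocxx_ref=master
 
+# This target is simply an environment in which the SilkBomb executable is available.
+silkbomb:
+FROM artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0
+# Alias the silkbom executable to a simpler name:
+RUN ln -s /python/src/sbom/silkbomb/bin /usr/local/bin/silkbomb
+
 # sbom-generate :
 # Generate/update the etc/cyclonedx.sbom.json file from the etc/purls.txt file.
 #
 # This target will update the existing etc/cyclonedx.sbom.json file in-place based
 # on the content of etc/purls.txt.
 sbom-generate:
-FROM artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0
-# Alias the silkbom executable to a simpler name:
-RUN ln -s /python/src/sbom/silkbomb/bin /usr/local/bin/silkbomb
+FROM +silkbomb
 # Copy in the relevant files:
 WORKDIR /s
 COPY etc/purls.txt etc/cyclonedx.sbom.json /s/
@@ -191,6 +195,26 @@ sbom-generate:
 # Save the result back to the host:
 SAVE ARTIFACT /s/cyclonedx.sbom.json AS LOCAL etc/cyclonedx.sbom.json
 
+# sbom-download :
+# Download an augmented SBOM from the Silk server for the given branch. Exports
+# the artifact as /augmented-sbom.json
+#
+# Requires credentials for silk access.
+sbom-download:
+FROM alpine:3.20
+ARG --required branch
+# Run the SilkBomb tool to download the artifact that matches the requested branch
+FROM +silkbomb
+# Set --no-cache, because the remote artifact could change arbitrarily over time
+RUN --no-cache \
+--secret SILK_CLIENT_ID \
+--secret SILK_CLIENT_SECRET \
+silkbomb download \
+--sbom-out augmented-sbom.json \
+--silk-asset-group mongo-c-driver-${branch}
+# Export as /augmented-sbom.json
+SAVE ARTIFACT augmented-sbom.json
+
 # create-silk-asset-group :
 # Create an asset group in Silk for the Git branch if one is not already defined.
 #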
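Review bot: In `sbom-download`, the `RUN` that receives `SILK_CLIENT_ID` and `SILK_CLIENT_SECRET` interpolates the caller-supplied `branch` unquoted, so a value containing whitespace or glob characters would be split into extra `silkbomb download` arguments; quote it as `--silk-asset-group "mongo-c-driver-${branch}"`. The same target has two `FROM` lines: `FROM +silkbomb` replaces the environment set up by `FROM alpine:3.20`, so the alpine base appears to be fetched only to be discarded. It would read more clearly with that line dropped and `ARG --required branch` declared after `FROM +silkbomb`. Since the new `silkbomb` target is now the one place the tool image is referenced and that image handles the Silk credentials, consider pinning it by digest (`silkbomb:1.0@sha256:<digest>`) rather than by the mutable `1.0` tag alone.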
