Skip to content

[CDRIVER-5535] Add an +sbom-download target for getting the augmented SBOM #1629

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 6, 2024
Merged

[CDRIVER-5535] Add an +sbom-download target for getting the augmented SBOM #1629

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
69de65a
Add an +sbom-download target for getting the augmented SBOM
vector-of-bool Jun 3, 2024
897dc46
Clean up outdates comments
vector-of-bool Jun 6, 2024
0a3be74
dead code comment
vector-of-bool Jun 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 27 additions & 3 deletions Earthfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,15 +171,19 @@ multibuild:
--c_compiler=gcc --c_compiler=clang \
--test_mongocxx_ref=master

# This target is simply an environment in which the SilkBomb executable is available.
silkbomb:
FROM artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0
# Alias the silkbom executable to a simpler name:
RUN ln -s /python/src/sbom/silkbomb/bin /usr/local/bin/silkbomb

# sbom-generate :
# Generate/update the etc/cyclonedx.sbom.json file from the etc/purls.txt file.
#
# This target will update the existing etc/cyclonedx.sbom.json file in-place based
# on the content of etc/purls.txt.
sbom-generate:
FROM artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0
# Alias the silkbom executable to a simpler name:
RUN ln -s /python/src/sbom/silkbomb/bin /usr/local/bin/silkbomb
FROM +silkbomb
# Copy in the relevant files:
WORKDIR /s
COPY etc/purls.txt etc/cyclonedx.sbom.json /s/
Expand All @@ -191,6 +195,26 @@ sbom-generate:
# Save the result back to the host:
SAVE ARTIFACT /s/cyclonedx.sbom.json AS LOCAL etc/cyclonedx.sbom.json

# sbom-download :
# Download an augmented SBOM from the Silk server for the given branch. Exports
# the artifact as /augmented-sbom.json
#
# Requires credentials for silk access.
sbom-download:
FROM alpine:3.20
ARG --required branch
# Run the SilkBomb tool to download the artifact that matches the requested branch
FROM +silkbomb
# Set --no-cache, because the remote artifact could change arbitrarily over time
RUN --no-cache \
--secret SILK_CLIENT_ID \
--secret SILK_CLIENT_SECRET \
silkbomb download \
--sbom-out augmented-sbom.json \
--silk-asset-group mongo-c-driver-${branch}
# Export as /augmented-sbom.json
SAVE ARTIFACT augmented-sbom.json

# create-silk-asset-group :
# Create an asset group in Silk for the Git branch if one is not already defined.
#
Expand Down