Feature/concert SBOM integration #283
Signed-off-by: Mathieu Dalbin <mathieu.dalbin@fr.ibm.com>
dennis-behm left a comment
Hello @suman-gopinath. Thanks for the PR to enhance the PackageBuildOutputs script to enable it for IBM Concert. I have a couple of questions about it. Please see below.
Please also update the README.md with this new capability.
| if (props.generateSBOM && props.generateSBOM.toBoolean() && rc == 0) { | ||
| concertManifestGeneratorUtilities.addSBOMInfoToBuild(concertBuild, sbomFileName, sbomSerialNumber) | ||
| } | ||
| concertManifestGeneratorUtilities.writeBuildManifest(new File("$tempLoadDir/concert_build_manifest.yml"), props.fileEncoding, props.verbose) |
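Review bot: the `writeBuildManifest(...)` call on the last line sits outside the `rc == 0` condition that guards `addSBOMInfoToBuild`, so in the lines shown a run with `generateSBOM` enabled and a non-zero `rc` still writes a manifest, only without its SBOM entry. If no enclosing check already covers this, guard the write with the same return-code test, or print a message that the SBOM reference was skipped, so a consumer does not take an incomplete manifest for a complete one. The file name `concert_build_manifest.yml` is a string literal here; a named constant or property would keep it in one place.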
The tar file is already created at this point. Should concert_build_manifest.yml be part of the package?
Since the manifest needs the name of the tar, I suggest we leave it out this time.
Never mind. Added it now.
| @Field Properties props = null | ||
| def scriptDir = new File(getClass().protectionDomain.codeSource.location.path).parent | ||
| @Field def wdManifestGeneratorUtilities = loadScript(new File("${scriptDir}/utilities/WaziDeployManifestGenerator.groovy")) | ||
| @Field def concertManifestGeneratorUtilities = loadScript(new File("${scriptDir}/utilities/concertBuildManifestGenerator.groovy")) |
Like for the sbomUtilities, we are only loading the utilities when the user has turned it on. Can we apply the same approach for the concertManifestGeneratorUtilities?
| if (!props.publish) { | ||
| println("*! [ERROR] Missing publish parameter ('--publish'). It is required for generating the Concert Build Manifest file.") | ||
| rc = 2 | ||
| } |
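Review bot: `if (!props.publish)` on the first line only tests that the property is set and non-empty, so a `publish` value of `false` (a non-empty string in a `Properties` object) passes this check. The SBOM flag in this PR is tested as `props.generateSBOM && props.generateSBOM.toBoolean()`; if `publish` can reach this point as a string, use the same form here, `if (!(props.publish && props.publish.toBoolean()))`, so that the manifest is not generated for a build that will not be published.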
Is it a correct assumption that generating the concert build manifest file will only work when only one BuildReport.json is passed to the PackageBuildOutputsScript? If so, we should validate that in this block.
We will need to discuss this
Done. Added the check. Need some more tests.
| # Default: false | ||
| generateWaziDeployAppManifest=false | ||
|
|
||
| # Boolean setting to define if the Wazi Deploy Application Manifest file should be generated |
| # Boolean setting to define if the Wazi Deploy Application Manifest file should be generated | |
| # Boolean setting to define if the IBM Concert Build manifest file should be generated |
| generateWaziDeployAppManifest=false | ||
|
|
||
| # Boolean setting to define if the Wazi Deploy Application Manifest file should be generated | ||
| # Please note that the cli option `generateWaziDeployAppManifest` can override this setting and activate it. |
| # Please note that the cli option `generateWaziDeployAppManifest` can override this setting and activate it. | |
| # Please note that the cli option `generateConcertBuildManifest` can override this setting and activate it. |
| if (props.generateSBOM && props.generateSBOM.toBoolean()) { | ||
| sbomUtilities = loadScript(new File("${scriptDir}/utilities/sbomGenerator.groovy")) | ||
| sbomSerialNumber = "url:uuid:" + UUID.randomUUID().toString() | ||
| sbomFileName = "${buildNumber}_sbom.json" |
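Review bot: the serial number prefix on the third line is `"url:uuid:"`, but the UUID URN namespace defined in RFC 4122 is `urn:uuid:`, and that is the form the CycloneDX `serialNumber` field requires, if that is the SBOM format produced here. Change the literal to `"urn:uuid:"`; as written, any consumer that validates the serial number can reject the SBOM, or fail to match it against the reference that `addSBOMInfoToBuild` puts into the build manifest.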
Is the file name format rather something that we should declare at the beginning of the script?
It looks like the buildNumber is retrieved from the build report. So, it might make sense to retain this where it is.
…o 'yaml' and changed version to 1.0.3
…t manifest generation
M-DLB left a comment
Some comments on the README file. Thank you @suman-gopinath!
Co-authored-by: Mathieu Dalbin <mathieu.dalbin@fr.ibm.com>
Accepted all of the README suggestions. I am good with it.
dennis-behm left a comment
@suman-gopinath thanks for addressing all comments, thanks for the contribution
This pull request is to implement a feature integrating z/OS builds with IBM Concert. This includes changes within the packaging script to create Concert-specific SBOM manifest or configurations. IBM Concert requires zOS Application builds to generate build config in the format https://github.ibm.com/roja/sample_app_data/blob/main/102/system-z/build-config-sample.yaml so that it can be supplied to Concert dashboards. This enables zOS application changes to be visible in Concert dashboards along with the rest of the enterprise applications.