Add SBOM manifest to nuget packages #16711
just a couple of suggestions but otherwise looks good
Co-authored-by: James Truher [MSFT] <jimtru@microsoft.com>
Reverting incorrect change to verbose message.
This pull request has been automatically marked as Review Needed because there has not been any activity for 7 days.
Please give your thoughts on the comments I left
@adityapatwardhan Ping...
# Conflicts: # build.psm1 # tools/cgmanifest.json
# Conflicts: # build.psm1 # tools/cgmanifest.json # Conflicts: # build.psm1 # tools/cgmanifest.json # tools/packaging/packaging.psm1 # tools/releaseBuild/azureDevOps/templates/nuget.yml
# Conflicts: # build.psm1 # tools/cgmanifest.json # Conflicts: # build.psm1 # tools/cgmanifest.json # tools/packaging/packaging.psm1 # tools/releaseBuild/azureDevOps/templates/nuget.yml # Conflicts: # tools/packaging/packaging.psm1 # tools/releaseBuild/azureDevOps/templates/nuget.yml
This PR adds SBOM manifests for created nuget packages for coordinated package builds.
SBOM manifests are added by splitting the existing New-ILNugetPackage function, which creates all nuget packages at once, into New-ILNugetPackageSource and New-ILNugetPackageFromSource functions. These new functions create source and package for just one file at a time, so that an SBOM manifest can be created (via yml template) for each file/package.

PR Checklist
.h, .cpp, .cs, .ps1 and .psm1 files have the correct copyright header
WIP: or [ WIP ] to the beginning of the title (the WIP bot will keep its status check at Pending while the prefix is present) and remove the prefix when the PR is ready.
(which runs in a different PS Host).
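
A release-side check for the per-package SBOMs described above, as an added example that is not code from this PR or the PowerShell repository: it opens a .nupkg, confirms an SPDX manifest is present, and verifies every file the manifest lists against its recorded SHA256. The manifest path, the assumption that listed files ship inside the package, and the sample package are assumptions; `check_package_sbom` and `build_sample` are hypothetical names.

```python
import hashlib
import io
import json
import zipfile

# Assumption: where Microsoft's sbom-tool writes its SPDX 2.2 manifest.
MANIFEST = "_manifest/spdx_2.2/manifest.spdx.json"


def check_package_sbom(nupkg_bytes):
    """Return findings for one .nupkg (a zip); an empty list means it passed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as pkg:
        names = set(pkg.namelist())
        if MANIFEST not in names:
            return ["missing SBOM manifest"]
        sbom = json.loads(pkg.read(MANIFEST))
        for entry in sbom.get("files", []):
            name = entry["fileName"]
            if name.startswith("./"):          # SPDX paths are package-relative
                name = name[2:]
            sums = {c["algorithm"]: c["value"].lower()
                    for c in entry.get("checksums", [])}
            if name not in names:
                findings.append(f"listed but absent: {name}")
            elif "SHA256" not in sums:
                findings.append(f"no SHA256 recorded: {name}")
            elif hashlib.sha256(pkg.read(name)).hexdigest() != sums["SHA256"]:
                findings.append(f"hash mismatch: {name}")
    return findings


def build_sample(payload, recorded, with_manifest=True):
    """Constructed sample: one DLL plus an SPDX manifest hashing `recorded`."""
    sbom = {"spdxVersion": "SPDX-2.2", "files": [{
        "fileName": "./lib/Sample.dll",
        "checksums": [{"algorithm": "SHA256",
                       "value": hashlib.sha256(recorded).hexdigest()}]}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/Sample.dll", payload)
        if with_manifest:
            z.writestr(MANIFEST, json.dumps(sbom))
    return buf.getvalue()


if __name__ == "__main__":
    print(check_package_sbom(build_sample(b"v1", b"v1")))         # intact
    print(check_package_sbom(build_sample(b"v2", b"v1")))         # altered after SBOM
    print(check_package_sbom(build_sample(b"v1", b"v1", False)))  # no manifest
```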