diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index cf85f5a..36bd745 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -8,18 +8,6 @@ "dotnet-sonarscanner" ] }, - "microsoft.sbom.dotnettool": { - "version": "4.1.5", - "commands": [ - "sbom-tool" - ] - }, - "demaconsulting.spdxtool": { - "version": "2.6.0", - "commands": [ - "spdx-tool" - ] - }, "demaconsulting.pandoctool": { "version": "3.9.0", "commands": [ diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 776864e..aa566be 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -136,36 +136,6 @@ jobs: end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" - - name: Generate SBOM - run: > - dotnet sbom-tool generate - -b src/DemaConsulting.SpdxModel/bin/Release - -bc src/DemaConsulting.SpdxModel - -pn DemaConsulting.SpdxModel - -pv ${{ inputs.version }} - -ps DemaConsulting - -nsb https://DemaConsulting.com/SpdxModel - -pm true - -li true - - - name: Generate Tests SBOM - run: > - dotnet sbom-tool generate - -b test/DemaConsulting.SpdxModel.Tests/bin/Release - -bc test/DemaConsulting.SpdxModel.Tests - -cd "--DirectoryExclusionList **/Examples/**" - -pn DemaConsulting.SpdxModel.Tests - -pv ${{ inputs.version }} - -ps DemaConsulting - -nsb https://DemaConsulting.com/SpdxModel.Tests - -pm true - -li true - - - name: Run SBOM Workflow - run: > - dotnet spdx-tool - run-workflow spdx-workflow.yaml - - name: Create Dotnet Tool run: > dotnet pack @@ -203,9 +173,6 @@ jobs: path: | **/*.nupkg **/*.snupkg - **/manifest.spdx.json - **/manifest.spdx.json.sha256 - *summary.md # Runs CodeQL security and quality analysis, gathering results to include # in the code quality report. diff --git a/spdx-workflow.yaml b/spdx-workflow.yaml deleted file mode 100644 index a25ca61..0000000 --- a/spdx-workflow.yaml +++ /dev/null @@ -1,129 +0,0 @@ ---- -# This workflow annotates the SBOM for the DemaConsulting.SpdxModel with -# build tools, and generates a summary markdown. - -# Workflow Parameters -parameters: - dotnet-version: unknown - spdx-model-spdx: src/DemaConsulting.SpdxModel/bin/Release/_manifest/spdx_2.2/manifest.spdx.json - spdx-model-md: spdx-model-summary.md - spdx-model-tests-spdx: test/DemaConsulting.SpdxModel.Tests/bin/Release/_manifest/spdx_2.2/manifest.spdx.json - spdx-model-tests-md: spdx-model-tests-summary.md - -# Steps -steps: - - # Get the version of the SpdxModel package - - command: get-version - inputs: - output: version - spdx: ${{ spdx-model-spdx }} - name: DemaConsulting.SpdxModel - - # Rename the package ID for SpdxModel - - command: rename-id - displayName: Rename SpdxModel Package ID - inputs: - spdx: ${{ spdx-model-spdx }} - old: SPDXRef-RootPackage - new: SPDXRef-Package-DemaConsulting-SpdxModel-${{ version }} - - # Query for DotNet version - - command: run-workflow - displayName: Query DotNet Version - inputs: - url: https://raw.githubusercontent.com/demaconsulting/SpdxWorkflows/main/GetDotNetVersion.yaml - outputs: - version: dotnet-version - - # Add DotNet package - - command: run-workflow - displayName: Add DotNet Package ${{ dotnet-version }} - inputs: - url: https://raw.githubusercontent.com/demaconsulting/SpdxWorkflows/main/AddDotNetPackage.yaml - parameters: - spdx: ${{ spdx-model-spdx }} - id: SPDXRef-Package-DotNet-${{ dotnet-version }} - version: ${{ dotnet-version }} - - # Add DotNet relationships - - command: add-relationship - displayName: Add DotNet Relationships - inputs: - spdx: ${{ spdx-model-spdx }} - id: SPDXRef-Package-DotNet-${{ dotnet-version }} - relationships: - - type: BUILD_TOOL_OF - element: SPDXRef-Package-DemaConsulting-SpdxModel-${{ version }} - comment: DemaConsulting.SpdxModel compiled by DotNet ${{ dotnet-version }} - - # Update the Sha256 digest on the SpdxModel SBOM - - command: hash - displayName: Update SpdxModel SBOM Sha256 - inputs: - operation: generate - algorithm: sha256 - file: ${{ spdx-model-spdx }} - - # Validate the SpdxModel SBOM - - command: validate - displayName: Validate SpdxModel SBOM Sha256 - inputs: - spdx: ${{ spdx-model-spdx }} - - # Generate the SpdxModel summary - - command: to-markdown - displayName: Generate SpdxModel SBOM summary - inputs: - spdx: ${{ spdx-model-spdx }} - markdown: ${{ spdx-model-md }} - - # Rename the package ID for SpdxModel.Tests - - command: rename-id - displayName: Rename SpdxModel.Tests Package ID - inputs: - spdx: ${{ spdx-model-tests-spdx }} - old: SPDXRef-RootPackage - new: SPDXRef-Package-DemaConsulting-SpdxModel-Tests-${{ version }} - - # Add DotNet package - - command: run-workflow - displayName: Add DotNet Package ${{ dotnet-version }} - inputs: - url: https://raw.githubusercontent.com/demaconsulting/SpdxWorkflows/main/AddDotNetPackage.yaml - parameters: - spdx: ${{ spdx-model-tests-spdx }} - id: SPDXRef-Package-DotNet-${{ dotnet-version }} - version: ${{ dotnet-version }} - - # Add DotNet relationships - - command: add-relationship - displayName: Add DotNet Relationships - inputs: - spdx: ${{ spdx-model-tests-spdx }} - id: SPDXRef-Package-DotNet-${{ dotnet-version }} - relationships: - - type: BUILD_TOOL_OF - element: SPDXRef-Package-DemaConsulting-SpdxModel-Tests-${{ version }} - comment: DemaConsulting.SpdxModel.Tests compiled by DotNet ${{ dotnet-version }} - - # Update the Sha256 digest on the SpdxModel.Tests SBOM - - command: hash - displayName: Update SpdxModel.Tests SBOM Sha256 - inputs: - operation: generate - algorithm: sha256 - file: ${{ spdx-model-tests-spdx }} - - # Validate the SpdxModel.Tests SBOM - - command: validate - displayName: Validate SpdxModel.Tests SBOM Sha256 - inputs: - spdx: ${{ spdx-model-tests-spdx }} - - # Generate the SpdxModel.Tests summary - - command: to-markdown - displayName: Generate SpdxModel.Tests SBOM summary - inputs: - spdx: ${{ spdx-model-tests-spdx }} - markdown: ${{ spdx-model-tests-md }}