Initial support for SBOM generation and CycloneDX #42451

Merged
merged 1 commit into from
Aug 19, 2024
22 changes: 22 additions & 0 deletions bom/application/pom.xml
Expand Up @@ -18,6 +18,7 @@
<bouncycastle.version>1.78.1</bouncycastle.version>
<bouncycastle.fips.version>1.0.2.5</bouncycastle.fips.version>
<bouncycastle.tls.fips.version>1.0.19</bouncycastle.tls.fips.version>
<cyclonedx.version>9.0.5</cyclonedx.version>
<expressly.version>5.0.0</expressly.version>
<findbugs.version>3.0.2</findbugs.version>
<jandex.version>3.2.2</jandex.version>
Expand Down Expand Up @@ -707,6 +708,21 @@
<artifactId>quarkus-config-yaml-deployment</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-cyclonedx</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-cyclonedx-deployment</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-cyclonedx-generator</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-datasource-common</artifactId>
Expand Down Expand Up @@ -5016,6 +5032,12 @@
<version>${wildfly-common.version}</version>
</dependency>

<dependency>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-core-java</artifactId>
<version>${cyclonedx.version}</version>
</dependency>

<dependency>
<groupId>org.wildfly.openssl</groupId>
<artifactId>wildfly-openssl-java</artifactId>
Expand Up @@ -11,9 +11,11 @@
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import java.util.function.Supplier;

import org.jboss.logging.Logger;

import io.quarkus.bootstrap.app.DependencyInfoProvider;
import io.quarkus.bootstrap.classloading.QuarkusClassLoader;
import io.quarkus.bootstrap.model.ApplicationModel;
import io.quarkus.builder.BuildChain;
Expand Down Expand Up @@ -55,6 +57,7 @@ public class QuarkusAugmentor {
private final Properties buildSystemProperties;
private final Path targetDir;
private final ApplicationModel effectiveModel;
private final Supplier<DependencyInfoProvider> depInfoProvider;
private final String baseName;
private final String originalBaseName;
private final boolean rebuild;
Expand Down Expand Up @@ -82,6 +85,7 @@ public class QuarkusAugmentor {
this.auxiliaryApplication = builder.auxiliaryApplication;
this.auxiliaryDevModeType = Optional.ofNullable(builder.auxiliaryDevModeType);
this.test = builder.test;
this.depInfoProvider = builder.depInfoProvider;
}

public BuildResult run() throws Exception {
Expand Down Expand Up @@ -152,7 +156,7 @@ public BuildResult run() throws Exception {
auxiliaryDevModeType, test))
.produce(new BuildSystemTargetBuildItem(targetDir, baseName, originalBaseName, rebuild,
buildSystemProperties == null ? new Properties() : buildSystemProperties))
.produce(new AppModelProviderBuildItem(effectiveModel));
.produce(new AppModelProviderBuildItem(effectiveModel, depInfoProvider));
for (PathCollection i : additionalApplicationArchives) {
execBuilder.produce(new AdditionalApplicationArchiveBuildItem(i));
}
Expand Down Expand Up @@ -214,6 +218,7 @@ public static final class Builder {
DevModeType devModeType;
boolean test;
boolean auxiliaryApplication;
private Supplier<DependencyInfoProvider> depInfoProvider;

public Builder addBuildChainCustomizer(Consumer<BuildChainBuilder> customizer) {
this.buildChainCustomizers.add(customizer);
Expand Down Expand Up @@ -353,5 +358,10 @@ public Builder setDeploymentClassLoader(ClassLoader deploymentClassLoader) {
this.deploymentClassLoader = deploymentClassLoader;
return this;
}

public Builder setDependencyInfoProvider(Supplier<DependencyInfoProvider> depInfoProvider) {
this.depInfoProvider = depInfoProvider;
return this;
}
}
}
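Review bot: `Builder.setDependencyInfoProvider` has no Javadoc, and nothing on the visible lines says the supplier is optional: the builder field has no default, so when the setter is never called `run()` passes null into `new AppModelProviderBuildItem(effectiveModel, depInfoProvider)`. I would add a comment on the setter such as `/** Optional. Supplier of the DependencyInfoProvider handed to AppModelProviderBuildItem; when unset the build item carries null. */`. The new builder field is also declared `private` while the neighbouring fields (`devModeType`, `test`, `auxiliaryApplication`) are package-private; matching them keeps the class consistent. The Builder class and `run()` both extend beyond these hunks, so there may be other uses of the supplier that are not visible here.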
@@ -1,7 +1,11 @@
package io.quarkus.deployment.builditem;

import java.util.Objects;
import java.util.function.Supplier;

import org.jboss.logging.Logger;

import io.quarkus.bootstrap.app.DependencyInfoProvider;
import io.quarkus.bootstrap.model.ApplicationModel;
import io.quarkus.bootstrap.model.PlatformImports;
import io.quarkus.builder.item.SimpleBuildItem;
Expand All @@ -12,9 +16,15 @@ public final class AppModelProviderBuildItem extends SimpleBuildItem {
private static final Logger log = Logger.getLogger(AppModelProviderBuildItem.class);

private final ApplicationModel appModel;
private final Supplier<DependencyInfoProvider> depInfoProvider;

public AppModelProviderBuildItem(ApplicationModel appModel) {
this.appModel = appModel;
this(appModel, null);
}

public AppModelProviderBuildItem(ApplicationModel appModel, Supplier<DependencyInfoProvider> depInfoProvider) {
this.appModel = Objects.requireNonNull(appModel);
this.depInfoProvider = depInfoProvider;
}

public ApplicationModel validateAndGet(BootstrapConfig config) {
Expand All @@ -34,4 +44,8 @@ public ApplicationModel validateAndGet(BootstrapConfig config) {
}
return appModel;
}

public Supplier<DependencyInfoProvider> getDependencyInfoProvider() {
return depInfoProvider;
}
}
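Review bot: `getDependencyInfoProvider()` returns the field as is, and the field is null for every item created through the one-argument constructor (`this(appModel, null)`), so a consumer that calls `getDependencyInfoProvider().get()` fails with a NullPointerException instead of learning that no provider was configured. Either normalise in the constructor, `this.depInfoProvider = depInfoProvider == null ? () -> null : depInfoProvider;`, or state the null contract in Javadoc on the getter. Separately, `Objects.requireNonNull(appModel)` now also guards the existing one-argument path and throws without a message; `Objects.requireNonNull(appModel, "appModel")` makes the failure self-explanatory. If the provider feeds SBOM generation, as the PR title suggests, a missing provider is probably worth a log line so that an incomplete SBOM does not go unnoticed.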
Expand Up @@ -4,6 +4,7 @@
import java.util.Map;

import io.quarkus.builder.item.MultiBuildItem;
import io.quarkus.sbom.ApplicationManifestConfig;

/**
* Represents a runnable artifact, such as an uberjar or thin jar.
Expand All @@ -17,11 +18,18 @@ public final class ArtifactResultBuildItem extends MultiBuildItem {
private final Path path;
private final String type;
private final Map<String, String> metadata;
private final ApplicationManifestConfig manifestConfig;

public ArtifactResultBuildItem(Path path, String type, Map<String, String> metadata) {
this(path, type, metadata, null);
}

public ArtifactResultBuildItem(Path path, String type, Map<String, String> metadata,
ApplicationManifestConfig manifestConfig) {
this.path = path;
this.type = type;
this.metadata = metadata;
this.manifestConfig = manifestConfig;
}

public Path getPath() {
Expand All @@ -32,6 +40,10 @@ public String getType() {
return type;
}

public ApplicationManifestConfig getManifestConfig() {
return manifestConfig;
}

public Map<String, String> getMetadata() {
return metadata;
}
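Review bot: `getManifestConfig()` returns null for every item built with the original three-argument constructor (`this(path, type, metadata, null)`), and neither the new constructor nor the getter documents that. The same pattern appears in `JarBuildItem.getManifestConfig()` in this commit. A short Javadoc on both getters, for example `/** @return the manifest configuration for this artifact, or null if none was provided */`, would tell consumers to check before use. The SBOM consumer is not visible here; presumably an artifact without a manifest config gets no SBOM, which is worth stating so that the gap is a documented choice and not an accident.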
Expand Up @@ -3,10 +3,13 @@
import static io.quarkus.deployment.pkg.PackageConfig.JarConfig.JarType.*;

import java.nio.file.Path;
import java.util.Collection;

import io.quarkus.bootstrap.app.JarResult;
import io.quarkus.bootstrap.app.SbomResult;
import io.quarkus.builder.item.SimpleBuildItem;
import io.quarkus.deployment.pkg.PackageConfig;
import io.quarkus.sbom.ApplicationManifestConfig;

public final class JarBuildItem extends SimpleBuildItem {

Expand All @@ -15,14 +18,21 @@ public final class JarBuildItem extends SimpleBuildItem {
private final Path libraryDir;
private final PackageConfig.JarConfig.JarType type;
private final String classifier;
private final ApplicationManifestConfig manifestConfig;

public JarBuildItem(Path path, Path originalArtifact, Path libraryDir, PackageConfig.JarConfig.JarType type,
String classifier) {
this(path, originalArtifact, libraryDir, type, classifier, null);
}

public JarBuildItem(Path path, Path originalArtifact, Path libraryDir, PackageConfig.JarConfig.JarType type,
String classifier, ApplicationManifestConfig manifestConfig) {
this.path = path;
this.originalArtifact = originalArtifact;
this.libraryDir = libraryDir;
this.type = type;
this.classifier = classifier;
this.manifestConfig = manifestConfig;
}

public boolean isUberJar() {
Expand All @@ -49,8 +59,16 @@ public String getClassifier() {
return classifier;
}

public ApplicationManifestConfig getManifestConfig() {
return manifestConfig;
}

public JarResult toJarResult() {
return toJarResult(null);
}

public JarResult toJarResult(Collection<SbomResult> sboms) {
return new JarResult(path, originalArtifact, libraryDir, type == MUTABLE_JAR,
classifier);
classifier, sboms);
}
}
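Review bot: `toJarResult()` forwards `null` as the SBOM collection and `toJarResult(Collection<SbomResult> sboms)` passes the caller's collection through uncopied, so `JarResult` can end up holding either null or a collection the caller may still mutate. Unless `JarResult` (not visible here) treats null specially, passing an empty collection from the no-argument overload, `return toJarResult(List.of());` with `java.util.List` imported, spares readers of the result a null check. A one-line Javadoc on the new overload saying what `sboms` contains and whether null is accepted would also help.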