diff --git a/Makefile b/Makefile
index db7ec781f6..f72034a490 100644
--- a/Makefile
+++ b/Makefile
@@ -542,3 +542,7 @@ kind-restart-%: .local/kind-kubeconfig
 # make helm-template-wire-server
 helm-template-%: clean-charts charts-integration
 ./hack/bin/helm-template.sh $(*)
+
+.PHONY: upload-bombon
+upload-bombon:
+ ./hack/bin/bombon.hs -- "$@"
diff --git a/changelog.d/5-internal/upload-bom b/changelog.d/5-internal/upload-bom
new file mode 100644
index 0000000000..af658e2002
--- /dev/null
+++ b/changelog.d/5-internal/upload-bom
@@ -0,0 +1 @@
+add a Makefile target to make it possible to upload a bom of all services to s3 on every CI run
diff --git a/hack/bin/bombon.hs b/hack/bin/bombon.hs
new file mode 100755
index 0000000000..2b10440079
--- /dev/null
+++ b/hack/bin/bombon.hs
@@ -0,0 +1,17 @@
+#!/usr/bin/env -S nix -Lv run github:wireapp/ghc-flakr/ecb1f45f1549e06c92d71164e305ce501eb0e36e
+{-# LANGUAGE BlockArguments #-}
+{-# LANGUAGE ImportQualifiedPost #-}
+{-# LANGUAGE OverloadedStrings #-}
+
+import Data.Text qualified as T
+import Turtle
+
+main = do
+ (release, repo) <- options "Upload boms" do
+ (,)
+ <$> optText "release" 't' "Which release tag to upload the artifacts to"
+ <*> optText "repo" 'r' "Which repository to upload the artifacts to"
+ let bomName = "wire-server-bom-" <> release <> ".json"
+ ExitSuccess <- proc "nix" ["build", "-f", "nix", "wireServer.allLocalPackagesBom", "-o", bomName] mempty
+ printf ("uploading " % s % " to release " % s % "\n") bomName ("chart/" <> release)
+ proc "gh" ["-R", repo, "release", "upload", "chart/" <> release, bomName] mempty
diff --git a/nix/default.nix b/nix/default.nix
index 6f75f4e105..b9580716e3 100644
--- a/nix/default.nix
+++ b/nix/default.nix
@@ -7,6 +7,7 @@ let
 # All wire-server specific packages
 (import ./overlay.nix)
 (import ./overlay-docs.nix)
+ (self: super: { lib = super.lib // (import sources.bombon).lib.${super.system}; })
 ];
 };
 
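Review bot: In the `upload-bombon` recipe of the Makefile hunk, `"$@"` is expanded by make rather than by the shell, so it becomes the target name and the script is invoked as `./hack/bin/bombon.hs -- "upload-bombon"`. bombon.hs, added in the same commit, reads its `release` and `repo` values through `optText` options, and the target as written passes neither; unless CI calls the script directly, I would expect option parsing to reject the call. Pass the values through make variables instead, for example `./hack/bin/bombon.hs -- --release "$(RELEASE)" --repo "$(REPO)"` (the variable names are placeholders), and add a comment above the target naming the two variables it requires.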
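Review bot: The last statement of `main` in hack/bin/bombon.hs is `proc "gh" [...] mempty`, whose `ExitCode` result becomes the value of `main` and is discarded by the runtime, so a failed `gh release upload` still leaves the script exiting 0 and CI reporting success with no SBOM attached to the release. Use `procs "gh" ["-R", repo, "release", "upload", "chart/" <> release, bomName] mempty`, which throws on a non-zero exit, and use `procs` for the `nix build` call as well in place of the `ExitSuccess <-` pattern match, whose failure message does not name the command. Adding `main :: IO ()` would have turned the dropped result into a type error. `Data.Text` is imported as `T` but not used in the visible lines.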
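Review bot: The overlay added to nix/default.nix replaces `lib` for the whole package set with `super.lib // <bombon lib>`, and `//` is right-biased, so any attribute bombon exports under a name that nixpkgs' `lib` already uses is silently replaced for every consumer of `pkgs.lib`. Only `buildBom` is used in the visible part of this commit, so exposing the third-party code under its own attribute keeps the trust boundary visible, e.g. `(self: super: { bombon = (import sources.bombon).lib.${super.system}; })` with `pkgs.bombon.buildBom` at the call site in nix/wire-server.nix. The overlay list starts above this hunk, so how the other overlays use `lib` is not visible here.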
diff --git a/nix/sources.json b/nix/sources.json
index 3f76c8b401..ff25e629a7 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -1,4 +1,16 @@
 {
+ "bombon": {
+ "branch": "main",
+ "description": "Nix CycloneDX Software Bills of Materials (SBOMs)",
+ "homepage": "",
+ "owner": "nikstur",
+ "repo": "bombon",
+ "rev": "09dce0377beb87c24822f79501d6c76166105788",
+ "sha256": "1z80waaimga03m4b0nhc3djaca4y2bh0dq8mc1r8s59hqngc22ch",
+ "type": "tarball",
+ "url": "https://github.com/nikstur/bombon/archive/09dce0377beb87c24822f79501d6c76166105788.tar.gz",
+ "url_template": "https://github.com///archive/.tar.gz"
+ },
 "nixpkgs": {
 "branch": "nixpkgs-unstable",
 "description": "Nix Packages collection",
diff --git a/nix/wire-server.nix b/nix/wire-server.nix
index 82a0211e42..a3db5c48a5 100644
--- a/nix/wire-server.nix
+++ b/nix/wire-server.nix
@@ -44,7 +44,7 @@
 # with nixpkgs' dockerTools to make derivations for docker images that we need.
 pkgs:
 let
- lib = pkgs.lib;
+ inherit (pkgs) lib;
 hlib = pkgs.haskell.lib;
 withCleanedPath = drv:
 hlib.overrideCabal drv (old: {
@@ -459,9 +459,20 @@ let
 export LOCALE_ARCHIVE=${pkgs.glibcLocales}/lib/locale/locale-archive
 '';
 };
+ allLocalPackages = pkgs.symlinkJoin {
+ name = "all-local-packages";
+ paths = map (e: (hPkgs localModsEnableAll).${e}) wireServerPackages;
+ };
+
+ allImages = pkgs.linkFarm "all-images" (images localModsEnableAll);
+
+ # BOM is an acronym for bill of materials
+ allLocalPackagesBom = lib.buildBom allLocalPackages {
+ includeBuildtimeDependencies = true;
+ };
 in
 {
- inherit ciImage hoogleImage;
+ inherit ciImage hoogleImage allImages allLocalPackages allLocalPackagesBom;
 images = images localModsEnableAll;
 imagesUnoptimizedNoDocs = images localModsOnlyTests;
 
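Review bot: `allLocalPackagesBom` in the second hunk of nix/wire-server.nix is built from `allLocalPackages` only, so the SBOM describes the local Haskell packages and not the `allImages` set defined just above it; anything the image derivations add on top of the service binaries would presumably be missing from the uploaded file. With `includeBuildtimeDependencies = true` the document also appears to list build-time inputs next to what actually ships, which matters when it is used for vulnerability triage. The existing comment only expands the acronym; I would replace it with `# CycloneDX SBOM for the closure of all local Haskell packages, build-time inputs included; container image contents are not covered`. The `let` block these bindings sit in starts outside the hunk.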
@@ -522,13 +533,4 @@ in
 inherit brig-templates;
 haskellPackages = hPkgs localModsEnableAll;
 haskellPackagesUnoptimizedNoDocs = hPkgs localModsOnlyTests;
- allLocalPackages = pkgs.symlinkJoin {
- name = "all-local-packages";
- paths = map (e: (hPkgs localModsEnableAll).${e}) wireServerPackages;
- };
-
- allImages = pkgs.symlinkJoin {
- name = "all-images";
- paths = builtins.attrValues (images localModsEnableAll);
- };
 } // attrsets.genAttrs wireServerPackages (e: (hPkgs localModsEnableAll).${e})