From ca17b40cfec6506750ff04ae4aa2dba23bf0636f Mon Sep 17 00:00:00 2001
From: Adelin Owona <51498470+adelinowona@users.noreply.github.com>
Date: Wed, 12 Jun 2024 14:16:34 -0400
Subject: [PATCH] CSHARP-5048: Integrate with silk and get SBOM document for releases (#1340)
---
 evergreen/download-augmented-sbom.sh | 16 ++++++++++
 evergreen/evergreen.yml | 30 +++++++++++++++++--
 evergreen/template_ssdlc_compliance_report.md | 8 ++---
 3 files changed, 46 insertions(+), 8 deletions(-)
 create mode 100755 evergreen/download-augmented-sbom.sh
diff --git a/evergreen/download-augmented-sbom.sh b/evergreen/download-augmented-sbom.sh
new file mode 100755
index 00000000000..7b277f88055
--- /dev/null
+++ b/evergreen/download-augmented-sbom.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# Environment variables used as input:
+# SILK_CLIENT_ID
+# SILK_CLIENT_SECRET
+
+declare -r SSDLC_PATH="./artifacts/ssdlc"
+mkdir -p "${SSDLC_PATH}"
+
+echo "Downloading augmented sbom from silk"
+
+docker run --platform="linux/amd64" --rm -v ${PWD}:/pwd \
+ -e SILK_CLIENT_ID \
+ -e SILK_CLIENT_SECRET \
+ artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0 \
+ download --silk-asset-group mongodb-dotnet-csharp-driver --sbom-out /pwd/${SSDLC_PATH}/augmented-sbom.json
diff --git a/evergreen/evergreen.yml b/evergreen/evergreen.yml
index a87115b75bd..f7b5788d600
--- a/evergreen/evergreen.yml
+++ b/evergreen/evergreen.yml
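Review bot: The `docker run` in download-augmented-sbom.sh pulls the silkbomb tool by the mutable tag `silkbomb:1.0`, so the image that generates this release's SBOM — itself a supply-chain attestation artifact — can change underneath the build with no change to this script; pin it by digest (`...silkbomb:1.0@sha256:<digest>`) and bump the digest deliberately. The script also has no `set -euo pipefail` near the top, so a failed `mkdir -p` is ignored and execution continues into the container run (docker's own exit status does propagate, since it is the last command). `${PWD}` in the volume option is unquoted; `-v "${PWD}:/pwd"` keeps a checkout path containing spaces from being word-split into separate arguments. Passing the client credentials as bare `-e SILK_CLIENT_ID` / `-e SILK_CLIENT_SECRET` (values read from the environment rather than written on the command line) is the right choice and keeps them out of `ps` output and shell history.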
@@ -254,6 +254,29 @@ functions: params: file: mo-expansion.yml + download-and-promote-augmented-sbom-to-s3-bucket: + - command: shell.exec + params: + working_dir: "mongo-csharp-driver" + include_expansions_in_env: + - "SILK_CLIENT_ID" + - "SILK_CLIENT_SECRET" + script: | + ${PREPARE_SHELL} + ./evergreen/download-augmented-sbom.sh + - command: s3.put + params: + aws_key: ${AWS_ACCESS_KEY_ID} + aws_secret: ${AWS_SECRET_ACCESS_KEY} + aws_session_token: ${AWS_SESSION_TOKEN} + local_file: ./mongo-csharp-driver/artifacts/ssdlc/augmented-sbom.json + remote_file: mongo-csharp-driver/${PACKAGE_VERSION}/augmented-sbom.json + bucket: csharp-driver-release-assets + region: us-west-2 + permissions: private + content_type: application/json + display_name: augmented-sbom.json + generate-ssdlc-report: - command: shell.exec params: @@ -264,9 +287,6 @@ functions: script: | ${PREPARE_SHELL} ./evergreen/generate-ssdlc-report.sh - - command: ec2.assume_role - params: - role_arn: ${UPLOAD_SSDLC_RELEASE_ASSETS_ROLE_ARN} - command: s3.put params: aws_key: ${AWS_ACCESS_KEY_ID} @@ -1898,8 +1918,12 @@ tasks: - name: generate-ssdlc-reports commands: + - command: ec2.assume_role + params: + role_arn: ${UPLOAD_SSDLC_RELEASE_ASSETS_ROLE_ARN} - func: download-packages - func: trace-artifacts + - func: download-and-promote-augmented-sbom-to-s3-bucket - func: generate-ssdlc-report - name: validate-apidocs diff --git a/evergreen/template_ssdlc_compliance_report.md b/evergreen/template_ssdlc_compliance_report.md index 8c882d89a0e..3dc92df9255 100644 --- a/evergreen/template_ssdlc_compliance_report.md +++ b/evergreen/template_ssdlc_compliance_report.md @@ -1,7 +1,7 @@ # ${PRODUCT_NAME} SSDLC compliance report This report is available -here. +here.
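Review bot: The `s3.put` step of the new `download-and-promote-augmented-sbom-to-s3-bucket` function consumes `${AWS_ACCESS_KEY_ID}`, `${AWS_SECRET_ACCESS_KEY}` and `${AWS_SESSION_TOKEN}`, but nothing inside the function establishes them; in this commit they come from the `ec2.assume_role` step that the `generate-ssdlc-reports` task hunk moves to task level, so any future task that calls this function without that step would upload using whatever those expansions happen to hold. That precondition should be stated above the function, e.g. `# Requires a preceding ec2.assume_role (UPLOAD_SSDLC_RELEASE_ASSETS_ROLE_ARN); the AWS_* expansions below are populated by it.` The remote key also embeds `${PACKAGE_VERSION}`; if that expansion is empty the object is written to `mongo-csharp-driver//augmented-sbom.json` in the same private bucket rather than failing, so a `test -n "${PACKAGE_VERSION}"` guard in the `script:` step before the download would turn a mis-keyed upload into a hard failure. The function itself is complete in the hunk; keeping the secrets in `include_expansions_in_env` rather than in the script text is the right way to keep them out of the task log.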
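Review bot: Moving `ec2.assume_role` to the first command of the `generate-ssdlc-reports` task means `download-packages` and `trace-artifacts` now also run with the `UPLOAD_SSDLC_RELEASE_ASSETS_ROLE_ARN` credentials populating the `AWS_*` expansions, which is broader than the upload-only scope the role name suggests; if either of those functions references `${AWS_ACCESS_KEY_ID}` itself (their bodies are not visible here) it would silently switch to this role. Placing the three `ec2.assume_role` lines after `- func: trace-artifacts`, immediately before `- func: download-and-promote-augmented-sbom-to-s3-bucket`, keeps the role scoped to the two functions that actually upload. The task definition continues past the hunk (the `validate-apidocs` task follows), so confirm no later step in this task also depends on the previous placement.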