Sbom.yml

parameters:
  - name: BuildDropPath
    default: $(System.ArtifactsDirectory)
  # Use the public repo URL, such as `https://github.com/powershell/powershell`
  - name: Build_Repository_Uri
  - name: displayName
    default: SBOM
  - name: SBOMGenerator_Formats
    default: spdx:2.2
  - name: PackageName
    default: Unknown
  - name: PackageVersion
    default: '0.0.0'
  - name: sourceScanPath
    default: $(Build.SourcesDirectory)

steps:
- task: UseDotNet@2
  displayName: '${{ parameters.displayName }} - Install .NET Core sdk 3.x'
  inputs:
    version: 3.x

- pwsh: |
    Write-Verbose "$env:PACKAGENAME -eq 'Unknown'" -Verbose
    if ($env:PACKAGENAME -eq 'Unknown') {
        Write-Warning "PackageName is not set: $env:PACKAGENAME"
    }

    Write-Verbose "$env:PACKAGEVERSION -eq '0.0.0'" -Verbose
    if ($env:PACKAGEVERSION -eq '0.0.0') {
        Write-Warning "PackageVersion is not set: $env:PACKAGEVERSION"
    }
  displayName: '${{ parameters.displayName }} - Verify Parameters'
  env:
    PACKAGEVERSION: ${{ parameters.PackageVersion }}
    PACKAGENAME: ${{ parameters.PackageName }}

- pwsh: |
    Get-ChildItem env:
  displayName: '${{ parameters.displayName }} - Capture Environment'
  env:
    Build.Repository.Uri: ${{ parameters.Build_Repository_Uri }}
    SBOMGenerator_Formats: '${{ parameters.SBOMGenerator_Formats }}'
    sourceScanPath: ${{ parameters.sourceScanPath }}

- task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
  displayName: '${{ parameters.displayName }} - Generate'
  inputs:
    BuildDropPath: ${{ parameters.BuildDropPath }}
    PackageName: ${{ parameters.PackageName }}
    PackageVersion: ${{ parameters.PackageVersion }}
    BuildComponentPath: ${{ parameters.sourceScanPath }}
  env:
    SBOMGenerator_Formats: '${{ parameters.SBOMGenerator_Formats }}'
    # *** Leaving these as documentation of the rest of the inputs ***
    # These should be implemented as needed with backwards compatibility for user that didn't supply the parameters
    #
    # this is the folder to put the BOM, defaults to ${{ parameters.BuildDropPath }}
    # ManifestDirPath: ${{ parameters.BuildDropPath }}
    # configuration json for the tool
    # ConfigFilePath: config.json
# This will break signing, but it is currently not enabled.
- pwsh: |
    $manifestPath = Join-Path '${{ parameters.BuildDropPath }}' -ChildPath '_manifest\manifest.json'
    if (Test-Path $manifestPath) {
      Write-Verbose "manifestPath: $manifestPath" -verbose
      $manifest = Get-Content $manifestPath | ConvertFrom-Json
      Write-Verbose "oldRepo: $($manifest.Repo)" -verbose
      $manifest.Repo = '${{ parameters.Build_Repository_Uri}}'
      Write-Verbose "newRepo: $($manifest.Repo)" -verbose
      $manifest | convertto-json -Compress | Out-File -FilePath $manifestPath -Force
    } else { Write-Verbose "cloudbuild manifest doesn't exist" -verbose }
  displayName: '${{ parameters.displayName }} - Fix repo'