Merge pull request #43139 from aloubyansky/3.14-sbom
[3.14] Initial support for SBOM generation and CycloneDX
gsmet authored Sep 10, 2024
2 parents 9fb4cb8 + 0267653 commit 333b60d
Showing 42 changed files with 2,486 additions and 43 deletions.
22 changes: 22 additions & 0 deletions bom/application/pom.xml
Expand Up @@ -18,6 +18,7 @@
<bouncycastle.version>1.78.1</bouncycastle.version>
<bouncycastle.fips.version>1.0.2.5</bouncycastle.fips.version>
<bouncycastle.tls.fips.version>1.0.19</bouncycastle.tls.fips.version>
<cyclonedx.version>9.0.5</cyclonedx.version>
<expressly.version>5.0.0</expressly.version>
<findbugs.version>3.0.2</findbugs.version>
<jandex.version>3.2.2</jandex.version>
Expand Down Expand Up @@ -708,6 +709,21 @@
<artifactId>quarkus-config-yaml-deployment</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-cyclonedx</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-cyclonedx-deployment</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-cyclonedx-generator</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-datasource-common</artifactId>
Expand Down Expand Up @@ -5017,6 +5033,12 @@
<version>${wildfly-common.version}</version>
</dependency>

<dependency>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-core-java</artifactId>
<version>${cyclonedx.version}</version>
</dependency>

<dependency>
<groupId>org.wildfly.openssl</groupId>
<artifactId>wildfly-openssl-java</artifactId>
Expand Up @@ -11,9 +11,11 @@
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import java.util.function.Supplier;

import org.jboss.logging.Logger;

import io.quarkus.bootstrap.app.DependencyInfoProvider;
import io.quarkus.bootstrap.classloading.QuarkusClassLoader;
import io.quarkus.bootstrap.model.ApplicationModel;
import io.quarkus.builder.BuildChain;
Expand Down Expand Up @@ -55,6 +57,7 @@ public class QuarkusAugmentor {
private final Properties buildSystemProperties;
private final Path targetDir;
private final ApplicationModel effectiveModel;
private final Supplier<DependencyInfoProvider> depInfoProvider;
private final String baseName;
private final String originalBaseName;
private final boolean rebuild;
Expand Down Expand Up @@ -82,6 +85,7 @@ public class QuarkusAugmentor {
this.auxiliaryApplication = builder.auxiliaryApplication;
this.auxiliaryDevModeType = Optional.ofNullable(builder.auxiliaryDevModeType);
this.test = builder.test;
this.depInfoProvider = builder.depInfoProvider;
}

public BuildResult run() throws Exception {
Expand Down Expand Up @@ -152,7 +156,7 @@ public BuildResult run() throws Exception {
auxiliaryDevModeType, test))
.produce(new BuildSystemTargetBuildItem(targetDir, baseName, originalBaseName, rebuild,
buildSystemProperties == null ? new Properties() : buildSystemProperties))
.produce(new AppModelProviderBuildItem(effectiveModel));
.produce(new AppModelProviderBuildItem(effectiveModel, depInfoProvider));
for (PathCollection i : additionalApplicationArchives) {
execBuilder.produce(new AdditionalApplicationArchiveBuildItem(i));
}
Expand Down Expand Up @@ -214,6 +218,7 @@ public static final class Builder {
DevModeType devModeType;
boolean test;
boolean auxiliaryApplication;
private Supplier<DependencyInfoProvider> depInfoProvider;

public Builder addBuildChainCustomizer(Consumer<BuildChainBuilder> customizer) {
this.buildChainCustomizers.add(customizer);
Expand Down Expand Up @@ -353,5 +358,10 @@ public Builder setDeploymentClassLoader(ClassLoader deploymentClassLoader) {
this.deploymentClassLoader = deploymentClassLoader;
return this;
}

public Builder setDependencyInfoProvider(Supplier<DependencyInfoProvider> depInfoProvider) {
this.depInfoProvider = depInfoProvider;
return this;
}
}
}
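Review bot: `Builder.depInfoProvider` has no default, so whenever `setDependencyInfoProvider` is not called, `run()` passes a null `Supplier` into `new AppModelProviderBuildItem(effectiveModel, depInfoProvider)` and every consumer of `getDependencyInfoProvider()` has to guard against it. This supplier presumably feeds the SBOM generation this commit introduces; if so, a launcher that forgets the setter would get a manifest with less dependency detail and no signal that anything was missing. State the contract on the setter, for example `/** Optional. When unset, build steps receive a null dependency info provider supplier. */`, and consider a debug log in the constructor when `builder.depInfoProvider` is null. Both `run()` and the `Builder` class continue outside the visible hunks.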
@@ -1,7 +1,11 @@
package io.quarkus.deployment.builditem;

import java.util.Objects;
import java.util.function.Supplier;

import org.jboss.logging.Logger;

import io.quarkus.bootstrap.app.DependencyInfoProvider;
import io.quarkus.bootstrap.model.ApplicationModel;
import io.quarkus.bootstrap.model.PlatformImports;
import io.quarkus.builder.item.SimpleBuildItem;
Expand All @@ -12,9 +16,15 @@ public final class AppModelProviderBuildItem extends SimpleBuildItem {
private static final Logger log = Logger.getLogger(AppModelProviderBuildItem.class);

private final ApplicationModel appModel;
private final Supplier<DependencyInfoProvider> depInfoProvider;

public AppModelProviderBuildItem(ApplicationModel appModel) {
this.appModel = appModel;
this(appModel, null);
}

public AppModelProviderBuildItem(ApplicationModel appModel, Supplier<DependencyInfoProvider> depInfoProvider) {
this.appModel = Objects.requireNonNull(appModel);
this.depInfoProvider = depInfoProvider;
}

public ApplicationModel validateAndGet(BootstrapConfig config) {
Expand All @@ -34,4 +44,8 @@ public ApplicationModel validateAndGet(BootstrapConfig config) {
}
return appModel;
}

public Supplier<DependencyInfoProvider> getDependencyInfoProvider() {
return depInfoProvider;
}
}
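Review bot: The one-argument constructor now delegates to the new two-argument one, so it inherits `Objects.requireNonNull(appModel)` and throws on a null model where it previously stored the value. That stricter check is reasonable, but the exception carries no message; `this.appModel = Objects.requireNonNull(appModel, "appModel");` would make the failure name the argument. The behaviour change for existing callers of the one-argument constructor is worth a sentence in the commit description. `validateAndGet` is only partly visible in this section.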
Expand Up @@ -4,6 +4,7 @@
import java.util.Map;

import io.quarkus.builder.item.MultiBuildItem;
import io.quarkus.sbom.ApplicationManifestConfig;

/**
* Represents a runnable artifact, such as an uberjar or thin jar.
Expand All @@ -17,11 +18,18 @@ public final class ArtifactResultBuildItem extends MultiBuildItem {
private final Path path;
private final String type;
private final Map<String, String> metadata;
private final ApplicationManifestConfig manifestConfig;

public ArtifactResultBuildItem(Path path, String type, Map<String, String> metadata) {
this(path, type, metadata, null);
}

public ArtifactResultBuildItem(Path path, String type, Map<String, String> metadata,
ApplicationManifestConfig manifestConfig) {
this.path = path;
this.type = type;
this.metadata = metadata;
this.manifestConfig = manifestConfig;
}

public Path getPath() {
Expand All @@ -32,6 +40,10 @@ public String getType() {
return type;
}

public ApplicationManifestConfig getManifestConfig() {
return manifestConfig;
}

public Map<String, String> getMetadata() {
return metadata;
}
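Review bot: `getManifestConfig()` returns null for every item created through the existing three-argument constructor, which passes `null` explicitly, and neither the getter nor the new constructor documents that. Callers assembling an SBOM from these items need to know whether null means "no manifest for this artifact" or "not yet migrated", otherwise an artifact could presumably drop out of the generated manifest unnoticed. Add Javadoc on the getter such as `/** @return the manifest configuration used for SBOM generation, or {@code null} if the producer supplied none */`. The same applies to `JarBuildItem.getManifestConfig()` in the next file section.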
Expand Up @@ -3,10 +3,13 @@
import static io.quarkus.deployment.pkg.PackageConfig.JarConfig.JarType.*;

import java.nio.file.Path;
import java.util.Collection;

import io.quarkus.bootstrap.app.JarResult;
import io.quarkus.bootstrap.app.SbomResult;
import io.quarkus.builder.item.SimpleBuildItem;
import io.quarkus.deployment.pkg.PackageConfig;
import io.quarkus.sbom.ApplicationManifestConfig;

public final class JarBuildItem extends SimpleBuildItem {

Expand All @@ -15,14 +18,21 @@ public final class JarBuildItem extends SimpleBuildItem {
private final Path libraryDir;
private final PackageConfig.JarConfig.JarType type;
private final String classifier;
private final ApplicationManifestConfig manifestConfig;

public JarBuildItem(Path path, Path originalArtifact, Path libraryDir, PackageConfig.JarConfig.JarType type,
String classifier) {
this(path, originalArtifact, libraryDir, type, classifier, null);
}

public JarBuildItem(Path path, Path originalArtifact, Path libraryDir, PackageConfig.JarConfig.JarType type,
String classifier, ApplicationManifestConfig manifestConfig) {
this.path = path;
this.originalArtifact = originalArtifact;
this.libraryDir = libraryDir;
this.type = type;
this.classifier = classifier;
this.manifestConfig = manifestConfig;
}

public boolean isUberJar() {
Expand All @@ -49,8 +59,16 @@ public String getClassifier() {
return classifier;
}

public ApplicationManifestConfig getManifestConfig() {
return manifestConfig;
}

public JarResult toJarResult() {
return toJarResult(null);
}

public JarResult toJarResult(Collection<SbomResult> sboms) {
return new JarResult(path, originalArtifact, libraryDir, type == MUTABLE_JAR,
classifier);
classifier, sboms);
}
}
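Review bot: `toJarResult()` forwards `null` as the SBOM collection and `toJarResult(Collection<SbomResult> sboms)` hands the caller's collection to `JarResult` unchanged, so `JarResult` receives either null or a reference the caller can still mutate. `JarResult` is not shown here, so whether it tolerates null or copies its input is unclear. If it does neither, consumers that iterate the SBOM results will fail on jars built without SBOMs, and the recorded list can change after the result is created. Document the parameter with `/** @param sboms SBOMs generated for this jar, or {@code null} if none were generated */`, or normalise at this boundary with `sboms == null ? List.of() : List.copyOf(sboms)`, which needs a `java.util.List` import.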