Skip to content
Snippets Groups Projects
Commit 8cfec3f1 authored by Bastian Heppener's avatar Bastian Heppener
Browse files

Merge branch 'ozg-7492-sbom-dependency-tracker' into 'main' 

ozg-7492 upload sbom

See merge request !1
parents 8ecaddd8 4aec473d
Branches
No related tags found
1 merge request!1ozg-7492 upload sbom
Hide whitespace changes
Inline Side-by-side
Showing
with 25 additions and 6 deletions
Jenkinsfile
+ 25
6
View file @ 8cfec3f1
......@@ -5,7 +5,6 @@ pipeline {
}
}
tools { go 'go-1.22.0' }
environment {
RELEASE_REGEX = /v\d+.\d+.\d+/
BETA_REGEX = /v\d+.\d+.\d+-beta.\d/
......@@ -59,9 +58,6 @@ tools { go 'go-1.22.0' }
FAILED_STAGE=env.STAGE_NAME
sh '''
#export GOPATH so that installed dependencies could be found
export GOPATH=$GOROOT
go mod download
go install \
github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway \
......@@ -75,8 +71,7 @@ tools { go 'go-1.22.0' }
chmod +x ./buf
./buf generate
#to compile go statically with these tags, so that the binary is not dynamically linked and from scratch in Dockerfile will work
go build -tags osusergo,netgo cmd/info-manager-proxy/main.go
go build -tags osusergo,netgo cmd/info-manager-proxy/main.go
'''
}
}
......@@ -162,6 +157,30 @@ tools { go 'go-1.22.0' }
}
}
}
stage ('Deploy SBOM to DependencyTrack') {
when {
anyOf {
branch 'main'
branch 'release'
}
}
steps {
script {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
sh '''
go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
go env -w GOFLAGS=-buildvcs=false
cyclonedx-gomod version
cyclonedx-gomod app -main cmd/info-manager-proxy/ -output sbom.xml
'''
dependencyTrackPublisher artifact: 'sbom.xml', projectName: 'info-manager-proxy', projectVersion: env.BRANCH_NAME, synchronous: true
}
}
}
}
}
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Impressum - Datenschutz - Barrierefreiheit