From ee1c9453bc0104ce619fdb32d14dab64caa4be1b Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Mon, 26 Aug 2024 14:49:05 +0200
Subject: [PATCH] OZG-4833 add dependency track to maven

---
 Jenkinsfile |  6 +++++-
 pom.xml     | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 58b40263..5a61e4e5 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -129,17 +129,21 @@ pipeline {
 
         stage ('Deploy SBOM to DependencyTrack') {
             steps {
+              script {
+                IMAGE_TAG = generateImageTag()
+                
                 configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
                     withCredentials([string(credentialsId: 'dependency-track-api-key', variable: 'API_KEY')]) {
 
                         dir('user-manager-server') {
 
                             catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
-                                sh 'mvn  --no-transfer-progress -s $MAVEN_SETTINGS io.github.pmckeown:dependency-track-maven-plugin:upload-bom -Ddependency-track.apiKey=$API_KEY -Ddependency-track.projectVersion=' + generateImageTag() + ' -Ddependency-track.dependencyTrackBaseUrl=https://dependency-track.ozg-sh.de'
+                                sh "mvn  --no-transfer-progress -s $MAVEN_SETTINGS io.github.pmckeown:dependency-track-maven-plugin:upload-bom -Ddependency-track.apiKey=$API_KEY -Ddependency-track.projectVersion=${IMAGE_TAG} -Ddependency-track.dependencyTrackBaseUrl=https://dependency-track.ozg-sh.de"
                             }
                         }
                     }
                 }
+              }
             }
         }
 
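Review bot: The new double-quoted `sh "mvn … -Ddependency-track.apiKey=$API_KEY …"` makes Groovy interpolate `$API_KEY` and `$MAVEN_SETTINGS` before the shell runs, so the Dependency-Track key bound by `withCredentials` becomes part of the step's argument string instead of being read from the environment by the shell. Jenkins warns about this pattern as insecure secret interpolation. Keep the command single-quoted as it was and pass the tag through the environment instead: wrap the step in `withEnv(["IMAGE_TAG=${generateImageTag()}"])` and reference `-Ddependency-track.projectVersion="$IMAGE_TAG"` inside `sh '…'`. That also removes `IMAGE_TAG = generateImageTag()`, which is assigned without `def` and therefore lands in the script-global binding. The `pipeline` block starts and ends outside this hunk, so whether `IMAGE_TAG` is reused by other stages is not visible here.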
diff --git a/pom.xml b/pom.xml
index e5b05544..3f90ddfa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -55,6 +55,11 @@
 		<maven-failsafe-plugin.version>3.2.5</maven-failsafe-plugin.version>
 		<git-commit-id-maven-plugin.version>7.0.0</git-commit-id-maven-plugin.version>
 		<maven-source.plugin.version>3.3.0</maven-source.plugin.version>
+
+		<!-- TODO move to common-dependencies -->
+		<dependency-track-maven-plugin.version>1.7.0</dependency-track-maven-plugin.version>
+		<cyclonedx-maven-plugin.version>2.7.11</cyclonedx-maven-plugin.version>
+
 	</properties>
 
 	<modules>
@@ -233,7 +238,36 @@
 						</execution>
 					</executions>
 				</plugin>
+
+				<plugin>
+					<groupId>io.github.pmckeown</groupId>
+					<artifactId>dependency-track-maven-plugin</artifactId>
+					<version>${dependency-track-maven-plugin.version}</version>
+					<configuration>
+						<dependencyTrackBaseUrl>https://dependency-track.ozg-sh.de</dependencyTrackBaseUrl>
+						<failOnError>true</failOnError>
+						<createProject>true</createProject>
+					</configuration>
+				</plugin>
+
 			</plugins>
 		</pluginManagement>
+
+		<plugins>
+			<plugin>
+				<groupId>org.cyclonedx</groupId>
+				<artifactId>cyclonedx-maven-plugin</artifactId>
+				<version>${cyclonedx-maven-plugin.version}</version>
+				<executions>
+					<execution>
+						<phase>package</phase>
+						<goals>
+							<goal>makeAggregateBom</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+
 	</build>
 </project>
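Review bot: `<createProject>true</createProject>` in the dependency-track-maven-plugin configuration means the CI API key needs project-creation rights, not only BOM upload; in Dependency-Track that is, as far as I know, `PROJECT_CREATION_UPLOAD` on top of `BOM_UPLOAD`. It is worth documenting this next to the setting so the key's team is scoped to exactly those permissions, e.g. `<!-- createProject: CI key needs BOM_UPLOAD + PROJECT_CREATION_UPLOAD only; a new projectVersion creates a new project entry -->`. The `dependencyTrackBaseUrl` configured here duplicates the `-Ddependency-track.dependencyTrackBaseUrl=…` flag in the Jenkinsfile hunk; keeping it in one place avoids the two drifting apart. The `<build>` element opens outside this hunk, so any existing `<plugins>` section before `pluginManagement` is not visible from here.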
-- 
GitLab