Generate software bill of materials as part of the package builds. #3702

2025-01-23 23:13:38 -06:00 · 2023-08-03 16:08:59 +05:30 · 2023-08-03 16:08:59 +05:30 · 48bfc66048
commit 48bfc66048
parent 1a7a23de3f
7 changed files with 22 additions and 1 deletions
--- a/Make.bat
+++ b/Make.bat
@ -27,6 +27,7 @@ CALL :CREATE_VIRTUAL_ENV || EXIT /B 1
 CALL :CREATE_PYTHON_ENV || EXIT /B 1
 CALL :CREATE_RUNTIME_ENV || EXIT /B 1
 CALL :CREATE_INSTALLER || EXIT /B 1
+CALL :GENERATE_SBOM || EXIT /B 1
 CALL :SIGN_INSTALLER || EXIT /B 1

 EXIT /B %ERRORLEVEL%
@ -355,6 +356,9 @@ REM Main build sequence Ends
    CD %WD%
    EXIT /B 0

+:GENERATE_SBOM
+    ECHO Generating SBOM...
+    syft "%DISTROOT%\" -o cyclonedx-json > "%DISTROOT%\cyclonedx.json"

 :SIGN_INSTALLER
    ECHO Attempting to sign the installer...
--- a/docs/en_US/release_notes_7_6.rst
+++ b/docs/en_US/release_notes_7_6.rst
@ -33,6 +33,7 @@ Housekeeping
 ************

  | `Issue #6588 <https://github.com/pgadmin-org/pgadmin4/issues/6588>`_ -  Added support for PostgreSQL and EPAS 16 to ensure it works without any errors.
+  | `Issue #3702 <https://github.com/pgadmin-org/pgadmin4/issues/3702>`_ -  Generate software bill of materials as part of the package builds.

 Bug fixes
 *********
--- a/pkg/debian/build.sh
+++ b/pkg/debian/build.sh
@ -22,6 +22,7 @@ _create_python_virtualenv "debian"
 _build_runtime
 _build_docs "debian"
 _copy_code
+_generate_sbom

 #
 # Server package
--- a/pkg/linux/build-functions.sh
+++ b/pkg/linux/build-functions.sh
@ -244,3 +244,11 @@ _copy_code() {
    rm python3 && ln -s "${PYTHON_INTERPRETER}" python3
 }

+
+_generate_sbom() {
+   echo "Generating SBOMs..."
+   # Note that we don't generate an SBOM for the Meta package as it doesn't contain any files.
+   syft "${SERVERROOT}/" -o cyclonedx-json > "${SERVERROOT}/usr/${APP_NAME}/sbom-server.json"
+   syft "${DESKTOPROOT}/" -o cyclonedx-json > "${DESKTOPROOT}/usr/${APP_NAME}/sbom-desktop.json"
+   syft "${WEBROOT}/" -o cyclonedx-json > "${WEBROOT}/usr/${APP_NAME}/sbom-web.json"
+}
--- a/pkg/mac/build-functions.sh
+++ b/pkg/mac/build-functions.sh
@ -320,6 +320,11 @@ _complete_bundle() {
    chmod -R og-w "${BUNDLE_DIR}"
 }

+_generate_sbom() {
+   echo "Generating SBOM..."
+   syft "${BUNDLE_DIR}/Contents/" -o cyclonedx-json > "${BUNDLE_DIR}/Contents/cyclonedx.json"
+}
+
 _codesign_binaries() {
    if [ "${CODESIGN}" -eq 0 ]; then
        return
@ -485,4 +490,4 @@ _notarize_pkg() {
    fi

    echo "Notarization completed successfully."
-}
+}
--- a/pkg/mac/build.sh
+++ b/pkg/mac/build.sh
@ -66,6 +66,7 @@ _build_runtime
 _create_python_env
 _build_docs
 _complete_bundle
+_generate_sbom
 _codesign_binaries
 _codesign_bundle
 _create_dmg
--- a/pkg/redhat/build.sh
+++ b/pkg/redhat/build.sh
@ -26,6 +26,7 @@ _create_python_virtualenv "redhat"
 _build_runtime
 _build_docs "redhat"
 _copy_code
+_generate_sbom

 # Get an RPM-compatible version number
 RPM_VERSION=${APP_RELEASE}.${APP_REVISION}