Skip to content

Commit 3ca6fc3

Browse files
rudsbergfniephaus
rudsberg
authored and
fniephaus
committed
SBOM: Ensure 'java-version' is persisted to post-run phase
1 parent 271a696 commit 3ca6fc3

File tree

4 files changed

+50
-43
lines changed

4 files changed

+50
-43
lines changed

__tests__/sbom.test.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,7 @@ describe('sbom feature', () => {
145145
writeFileSync(sbomPath, JSON.stringify(sbom, null, 2))
146146

147147
mockFindSBOM([sbomPath])
148+
jest.spyOn(core, 'getState').mockReturnValue(javaVersion)
148149

149150
await processSBOM()
150151
}
@@ -190,6 +191,10 @@ describe('sbom feature', () => {
190191
]
191192
}
192193

194+
it('should throw an error if setUpSBOMSupport was not called before processSBOM', async () => {
195+
await expect(processSBOM()).rejects.toThrow('setUpSBOMSupport must be called before processSBOM')
196+
})
197+
193198
it('should process SBOM and display components', async () => {
194199
await setUpAndProcessSBOM(sampleSBOM)
195200

dist/cleanup/index.js

Lines changed: 15 additions & 14 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

dist/main/index.js

Lines changed: 15 additions & 14 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/features/sbom.ts

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,7 @@ import { setNativeImageOption } from '../utils'
1010
const INPUT_NI_SBOM = 'native-image-enable-sbom'
1111
const SBOM_FILE_SUFFIX = '.sbom.json'
1212
const MIN_JAVA_VERSION = '24.0.0'
13-
14-
let javaVersionOrLatestEA: string | null = null
13+
const javaVersionKey = 'javaVersionKey'
1514

1615
interface SBOM {
1716
components: Component[]
@@ -67,36 +66,36 @@ interface DependencySnapshot {
6766
>
6867
}
6968

70-
export function setUpSBOMSupport(javaVersionOrDev: string, distribution: string): void {
69+
export function setUpSBOMSupport(javaVersion: string, distribution: string): void {
7170
if (!isFeatureEnabled()) {
7271
return
7372
}
7473

75-
validateJavaVersionAndDistribution(javaVersionOrDev, distribution)
76-
javaVersionOrLatestEA = javaVersionOrDev
77-
setNativeImageOption(javaVersionOrLatestEA, '--enable-sbom=export')
74+
validateJavaVersionAndDistribution(javaVersion, distribution)
75+
core.saveState(javaVersionKey, javaVersion)
76+
setNativeImageOption(javaVersion, '--enable-sbom=export')
7877
core.info('Enabled SBOM generation for Native Image build')
7978
}
8079

81-
function validateJavaVersionAndDistribution(javaVersionOrDev: string, distribution: string): void {
80+
function validateJavaVersionAndDistribution(javaVersion: string, distribution: string): void {
8281
if (distribution !== c.DISTRIBUTION_GRAALVM) {
8382
throw new Error(
8483
`The '${INPUT_NI_SBOM}' option is only supported for Oracle GraalVM (distribution '${c.DISTRIBUTION_GRAALVM}'), but found distribution '${distribution}'.`
8584
)
8685
}
8786

88-
if (javaVersionOrDev === 'dev') {
87+
if (javaVersion === 'dev') {
8988
throw new Error(`The '${INPUT_NI_SBOM}' option is not supported for java-version 'dev'.`)
9089
}
9190

92-
if (javaVersionOrDev === 'latest-ea') {
91+
if (javaVersion === 'latest-ea') {
9392
return
9493
}
9594

96-
const coercedJavaVersion = semver.coerce(javaVersionOrDev)
95+
const coercedJavaVersion = semver.coerce(javaVersion)
9796
if (!coercedJavaVersion || semver.gt(MIN_JAVA_VERSION, coercedJavaVersion)) {
9897
throw new Error(
99-
`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersionOrDev}'.`
98+
`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersion}'.`
10099
)
101100
}
102101
}
@@ -106,7 +105,8 @@ export async function processSBOM(): Promise<void> {
106105
return
107106
}
108107

109-
if (javaVersionOrLatestEA === null) {
108+
const javaVersion = core.getState(javaVersionKey)
109+
if (!javaVersion) {
110110
throw new Error('setUpSBOMSupport must be called before processSBOM')
111111
}
112112

@@ -116,7 +116,7 @@ export async function processSBOM(): Promise<void> {
116116
const sbomData = parseSBOM(sbomContent)
117117
const components = mapToComponentsWithDependencies(sbomData)
118118
printSBOMContent(components)
119-
const snapshot = convertSBOMToSnapshot(sbomPath, components)
119+
const snapshot = convertSBOMToSnapshot(javaVersion, sbomPath, components)
120120
await submitDependencySnapshot(snapshot)
121121
} catch (error) {
122122
throw new Error(
@@ -184,7 +184,7 @@ function printSBOMContent(components: Component[]): void {
184184
core.info('==================')
185185
}
186186

187-
function convertSBOMToSnapshot(sbomPath: string, components: Component[]): DependencySnapshot {
187+
function convertSBOMToSnapshot(javaVersion: string, sbomPath: string, components: Component[]): DependencySnapshot {
188188
const context = github.context
189189
const sbomFileName = basename(sbomPath)
190190

@@ -203,7 +203,7 @@ function convertSBOMToSnapshot(sbomPath: string, components: Component[]): Depen
203203
},
204204
detector: {
205205
name: 'Oracle GraalVM',
206-
version: javaVersionOrLatestEA ?? '',
206+
version: javaVersion,
207207
url: 'https://www.graalvm.org/'
208208
},
209209
scanned: new Date().toISOString(),

0 commit comments

Comments
 (0)