feat: allow uploading multiple boms (#3900)

* WIP: Adapt bom names * + WIP: Adapt bom filenames * Upgrade cyclonedx gradle plugin and use cyclonedxBom config parameters * Fix unit tests - use correct name in bom creation * Fix pythonBuild bom name * introduce and use npmBomFilename const * Introduce and use mvnBomFilename const * Introduce and use gradleBomFilename const * Use build-tool names for bom suffix * + Adapt tests (build tool suffix) * Use BOM schema version 1.2 in gradleExecuteBuild * Pin version of cyclonedx-maven-plugin to 2.7.1 * Adapt generated files * Fix integration tests * Fix integration tests * Fix gradle build integration tests Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2025-07-17 01:42:43 +02:00 · 2022-08-01 13:38:49 +02:00
parent 1103a99519
commit 3cad6ac2cd
21 changed files with 60 additions and 33 deletions
--- a/pkg/npm/npm.go
+++ b/pkg/npm/npm.go
@ -13,6 +13,10 @@ import (
 	"github.com/SAP/jenkins-library/pkg/piperutils"
 )

+const (
+	npmBomFilename = "bom-npm.xml"
+)
+
 // Execute struct holds utils to enable mocking and common parameters
 type Execute struct {
 	Utils   Utils
@ -353,13 +357,14 @@ func (exec *Execute) CreateBOM(packageJSONFiles []string) error {
 	if err != nil {
 		return err
 	}
+
 	if len(packageJSONFiles) > 0 {
 		for _, packageJSONFile := range packageJSONFiles {
 			path := filepath.Dir(packageJSONFile)
 			params := []string{
 				"cyclonedx-bom",
 				path,
-				"--output", filepath.Join(path, "bom.xml"),
+				"--output", filepath.Join(path, npmBomFilename),
 			}
 			err := execRunner.RunExecutable("npx", params...)
 			if err != nil {