Include createBOM flag in MTA build (#4629)

* Include createBOM flag in MTA build * Uncomment bom creation * Changed sbom path * Changed source path * Reverted source path and included folder path to bom * Test docker image * Test docker image * sbom name change * Removed the redundent log
2025-11-06 09:09:19 +02:00 · 2023-11-07 09:16:10 +01:00
parent 59c2f75ce1
commit ae7bfa5d92
4 changed files with 36 additions and 1 deletions
--- a/cmd/mtaBuild.go
+++ b/cmd/mtaBuild.go
@@ -206,6 +206,10 @@ func runMtaBuild(config mtaBuildOptions,
 	call = append(call, "--source", getSourcePath(config))
 	call = append(call, "--target", getAbsPath(getMtarFileRoot(config)))

+	if config.CreateBOM {
+		call = append(call, "--sbom-file-path", filepath.FromSlash("sbom-gen/bom-mta.xml"))
+	}
+
 	if config.Jobs > 0 {
 		call = append(call, "--mode=verbose")
 		call = append(call, "--jobs="+strconv.Itoa(config.Jobs))
--- a/cmd/mtaBuild_generated.go
+++ b/cmd/mtaBuild_generated.go
@@ -42,6 +42,7 @@ type mtaBuildOptions struct {
 	Publish                         bool     `json:"publish,omitempty"`
 	Profiles                        []string `json:"profiles,omitempty"`
 	BuildSettingsInfo               string   `json:"buildSettingsInfo,omitempty"`
+	CreateBOM                       bool     `json:"createBOM,omitempty"`
 }

 type mtaBuildCommonPipelineEnvironment struct {
@@ -243,6 +244,7 @@ func addMtaBuildFlags(cmd *cobra.Command, stepConfig *mtaBuildOptions) {
 	cmd.Flags().BoolVar(&stepConfig.Publish, "publish", false, "pushed mtar artifact to altDeploymentRepositoryUrl/altDeploymentRepositoryID when set to true")
 	cmd.Flags().StringSliceVar(&stepConfig.Profiles, "profiles", []string{}, "Defines list of maven build profiles to be used. profiles will overwrite existing values in the global settings xml at $M2_HOME/conf/settings.xml")
 	cmd.Flags().StringVar(&stepConfig.BuildSettingsInfo, "buildSettingsInfo", os.Getenv("PIPER_buildSettingsInfo"), "build settings info is typically filled by the step automatically to create information about the build settings that were used during the mta build . This information is typically used for compliance related processes.")
+	cmd.Flags().BoolVar(&stepConfig.CreateBOM, "createBOM", false, "Creates the bill of materials (BOM) using CycloneDX plugin.")

 }

@@ -488,6 +490,15 @@ func mtaBuildMetadata() config.StepData {
 						Aliases:   []config.Alias{},
 						Default:   os.Getenv("PIPER_buildSettingsInfo"),
 					},
+					{
+						Name:        "createBOM",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"GENERAL", "STEPS", "STAGES", "PARAMETERS"},
+						Type:        "bool",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+						Default:     false,
+					},
 				},
 			},
 			Containers: []config.Container{
--- a/cmd/mtaBuild_test.go
+++ b/cmd/mtaBuild_test.go
@@ -289,6 +289,7 @@ func TestMtaBuild(t *testing.T) {

 func TestMtaBuildSourceDir(t *testing.T) {

+	cpe := mtaBuildCommonPipelineEnvironment{}
 	t.Run("getSourcePath", func(t *testing.T) {
 		t.Parallel()

@@ -328,7 +329,6 @@ func TestMtaBuildSourceDir(t *testing.T) {

 	t.Run("find build tool descriptor from configuration", func(t *testing.T) {
 		t.Parallel()
-		cpe := mtaBuildCommonPipelineEnvironment{}
 		t.Run("default mta.yaml", func(t *testing.T) {
 			utilsMock := newMtaBuildTestUtilsBundle()

@@ -358,6 +358,17 @@ func TestMtaBuildSourceDir(t *testing.T) {
 		})
 	})

+	t.Run("MTA build should enable create BOM", func(t *testing.T) {
+		utilsMock := newMtaBuildTestUtilsBundle()
+
+		options := mtaBuildOptions{ApplicationName: "myApp", Platform: "CF", DefaultNpmRegistry: "https://example.org/npm", MtarName: "myName", Source: "./", Target: "./", CreateBOM: true}
+		utilsMock.AddFile("package.json", []byte("{\"name\": \"myName\", \"version\": \"1.2.3\"}"))
+
+		err := runMtaBuild(options, &cpe, utilsMock)
+		assert.Nil(t, err)
+		assert.Contains(t, utilsMock.Calls[0].Params, "--sbom-file-path")
+
+	})
 }

 func TestMtaBuildMtar(t *testing.T) {
--- a/resources/metadata/mtaBuild.yaml
+++ b/resources/metadata/mtaBuild.yaml
@@ -227,6 +227,15 @@ spec:
        resourceRef:
          - name: commonPipelineEnvironment
            param: custom/buildSettingsInfo
+      - name: createBOM
+        type: bool
+        description: Creates the bill of materials (BOM) using CycloneDX plugin.
+        scope:
+          - GENERAL
+          - STEPS
+          - STAGES
+          - PARAMETERS
+        default: false
  outputs:
    resources:
      - name: commonPipelineEnvironment