Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue #9502 Configure sbom plugin to produce sbom for jetty-home and include it in the distribution #10877

Merged
merged 8 commits into from
Nov 30, 2023
Merged

Issue #9502 Configure sbom plugin to produce sbom for jetty-home and include it in the distribution #10877

merged 8 commits into from
Nov 30, 2023

Conversation

olamy
Copy link
Member

@olamy olamy commented Nov 10, 2023
edited
Loading

@olamy olamy mentioned this pull request Nov 10, 2023
Closed
@olamy olamy changed the title configure sbom plugin to produce sbom per module and produce aggregate for top pom [POC/WIP] configure sbom plugin to produce sbom per module and produce aggregate for top pom Nov 10, 2023
@joakime
Copy link
Contributor

joakime commented Nov 10, 2023

This seems sane, and configurable.
I'm ok with this.

@olamy olamy changed the title [POC/WIP] configure sbom plugin to produce sbom per module and produce aggregate for top pom [POC/WIP] configure sbom plugin to produce sbom for jetty-home and include it in the distribution Nov 18, 2023
@olamy olamy marked this pull request as ready for review November 20, 2023 23:08
@olamy olamy changed the title [POC/WIP] configure sbom plugin to produce sbom for jetty-home and include it in the distribution Issue #9502 Configure sbom plugin to produce sbom for jetty-home and include it in the distribution Nov 20, 2023
@joakime joakime added this to the 12.0.x milestone Nov 21, 2023
@olamy
configure sbom plugin to produce sbom per module and produce aggregat…
7836a80 
…e for top pom

Signed-off-by: Olivier Lamy <olamy@apache.org>
@olamy
remove commented pom fragment
e95a0eb 
Signed-off-by: Olivier Lamy <olamy@apache.org>
@olamy
fix poms
4897034 
Signed-off-by: Olivier Lamy <olamy@apache.org>
@olamy
sbom for jetty home only
16e18c6 
Signed-off-by: Olivier Lamy <olamy@apache.org>
@olamy
sbom for jetty home only
19c2c16 
Signed-off-by: Olivier Lamy <olamy@apache.org>
@olamy
include the sbom in the distribution
7840530 
Signed-off-by: Olivier Lamy <olamy@apache.org>
@olamy
included sbom cyclonedx to have same name as deployed to Maven central
4bcdf93 
Signed-off-by: Olivier Lamy <olamy@apache.org>
jmcc0nn3ll
jmcc0nn3ll previously approved these changes Nov 29, 2023
View reviewed changes
Copy link
Contributor

@jmcc0nn3ll jmcc0nn3ll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine to me, no way to set the cyclonedx.skip at the top level and just turn it on once?

if not, ship it

joakime
joakime previously approved these changes Nov 29, 2023
View reviewed changes
Copy link
Contributor

@joakime joakime left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As long as Eclipse Foundation is happy with this, then this is fine with me.

@olamy
Copy link
Member Author

olamy commented Nov 29, 2023

Looks fine to me, no way to set the cyclonedx.skip at the top level and just turn it on once?

if not, ship it

in fact now we generate sbom only for jetty-home, I can remove all the <cyclonedx.skip>true</cyclonedx.skip>

@jmcc0nn3ll
Copy link
Contributor

Looks fine to me, no way to set the cyclonedx.skip at the top level and just turn it on once?
if not, ship it

in fact now we generate sbom only for jetty-home, I can remove all the <cyclonedx.skip>true</cyclonedx.skip>

perfect, clean that up and merge it

@olamy
no more need of <cyclonedx.skip>true</cyclonedx.skip>
448a5e0 
Signed-off-by: Olivier Lamy <olamy@apache.org>
@olamy olamy dismissed stale reviews from joakime and jmcc0nn3ll via 448a5e0 November 29, 2023 23:35
@olamy
Copy link
Member Author

olamy commented Nov 30, 2023

@jmcc0nn3ll @joakime I will approval again as changes have dismissed your previous approvals.

jmcc0nn3ll
jmcc0nn3ll approved these changes Nov 30, 2023
View reviewed changes
Copy link
Contributor

@jmcc0nn3ll jmcc0nn3ll left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm

@olamy olamy merged commit 9d00a7c into jetty-12.0.x Nov 30, 2023
7 checks passed
@olamy olamy deleted the jetty-12.0.x-sbom branch December 3, 2023 05:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmcc0nn3ll jmcc0nn3ll jmcc0nn3ll approved these changes

@joakime joakime Awaiting requested review from joakime

Assignees
No one assigned
Labels
None yet
Projects
No open projects
Jetty 12.0.4 - FROZEN
Status: ✅ Done
Milestone
12.0.x
Development

Successfully merging this pull request may close these issues.
3 participants
@olamy @joakime @jmcc0nn3ll