Add p2-aware model converter for CycloneDX SBOM generation
Showing
17 changed files
with
675 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<extensions> | ||
<extension> | ||
<groupId>org.eclipse.tycho</groupId> | ||
<artifactId>tycho-build</artifactId> | ||
<version>${tycho-version}</version> | ||
</extension> | ||
</extensions> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
-Dtycho-version=5.0.0-SNAPSHOT |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
bin.includes = feature.xml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<feature | ||
id="example.feature" | ||
label="Feature with SBOM" | ||
version="1.0.0.20240107"> | ||
|
||
<description url="http://www.example.com/description"> | ||
[Enter Feature Description here.] | ||
</description> | ||
|
||
<copyright url="http://www.example.com/copyright"> | ||
[Enter Copyright Description here.] | ||
</copyright> | ||
|
||
<license url="http://www.example.com/license"> | ||
[Enter License Description here.] | ||
</license> | ||
|
||
<plugin | ||
id="example.plugin" | ||
version="0.0.0"/> | ||
|
||
</feature> |
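--- a/tycho-its/projects/sbom/example.plugin/META-INF/MANIFEST.MF
+++ b/tycho-its/projects/sbom/example.plugin/META-INF/MANIFEST.MF
@@ -0,0 +1,11 @@
+Manifest-Version: 1.0
+Bundle-ManifestVersion: 2
+Bundle-Name: Plugin with SBOM
+Bundle-SymbolicName: example.plugin
+Bundle-Version: 1.0.0.20240107
+Require-Bundle: org.eclipse.core.databinding;bundle-version="1.13.100",
+org.eclipse.core.databinding.beans;bundle-version="1.10.100",
+org.eclipse.core.databinding.observable;bundle-version="1.13.100",
+org.eclipse.core.databinding.property;bundle-version="1.10.100"
+Automatic-Module-Name: example.plugin
+Bundle-RequiredExecutionEnvironment: JavaSE-17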
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
source.. = src/ | ||
output.. = bin/ | ||
bin.includes = META-INF/,\ | ||
. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<groupId>tycho-demo</groupId> | ||
<artifactId>sbom</artifactId> | ||
<version>1.0.0-SNAPSHOT</version> | ||
<packaging>pom</packaging> | ||
|
||
<properties> | ||
<tycho-version>5.0.0-SNAPSHOT</tycho-version> | ||
<tycho.sbom.url>https://www.example.p2.repo/</tycho.sbom.url> | ||
</properties> | ||
|
||
<modules> | ||
<module>example.feature</module> | ||
<module>example.plugin</module> | ||
<module>product</module> | ||
<module>repository</module> | ||
</modules> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.eclipse.tycho</groupId> | ||
<artifactId>tycho-maven-plugin</artifactId> | ||
<version>${tycho-version}</version> | ||
<extensions>true</extensions> | ||
</plugin> | ||
<plugin> | ||
<groupId>org.eclipse.tycho</groupId> | ||
<artifactId>target-platform-configuration</artifactId> | ||
<version>${tycho-version}</version> | ||
<configuration> | ||
<target> | ||
<file>../target-definition.target</file> | ||
</target> | ||
</configuration> | ||
</plugin> | ||
<plugin> | ||
<groupId>org.cyclonedx</groupId> | ||
<artifactId>cyclonedx-maven-plugin</artifactId> | ||
<version>2.7.9</version> | ||
<configuration> | ||
<includeTestScope>true</includeTestScope> | ||
</configuration> | ||
<executions> | ||
<execution> | ||
<goals> | ||
<goal>makeBom</goal> | ||
</goals> | ||
</execution> | ||
</executions> | ||
<dependencies> | ||
<dependency> | ||
<groupId>org.eclipse.tycho</groupId> | ||
<artifactId>tycho-sbom</artifactId> | ||
<version>${tycho-version}</version> | ||
</dependency> | ||
</dependencies> | ||
</plugin> | ||
</plugins> | ||
<pluginManagement> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.eclipse.tycho</groupId> | ||
<artifactId>tycho-p2-director-plugin</artifactId> | ||
<version>${tycho-version}</version> | ||
</plugin> | ||
</plugins> | ||
</pluginManagement> | ||
</build> | ||
</project> |
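Review bot: The `target-platform-configuration` plugin block declares no `<environments>`, so the product's resolved content presumably follows the build host. SBOMCreationTest in this commit asserts linux/gtk/x86_64 launcher and executable units and an exact dependency count of 13 for the product BOM. On a different host OS the generated SBOM would list other platform fragments and the test would fail, so pinning the environment keeps the SBOM content reproducible. A short comment on `tycho.sbom.url` would also help, stating that its value becomes the `location` qualifier of the reactor-built p2 purls, if that is indeed its role.

```xml
<!-- … unchanged: target-platform-configuration groupId/artifactId/version … -->
<configuration>
    <!-- … unchanged: <target> file reference … -->
    <environments>
        <environment>
            <os>linux</os>
            <ws>gtk</ws>
            <arch>x86_64</arch>
        </environment>
    </environments>
</configuration>
```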
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<?pde version="3.5"?> | ||
|
||
<product uid="example" version="1.0.0.20240107" type="mixed" includeLaunchers="true" autoIncludeRequirements="false"> | ||
|
||
<configIni use="default"> | ||
</configIni> | ||
|
||
<launcherArgs> | ||
<vmArgsMac>-XstartOnFirstThread -Dorg.eclipse.swt.internal.carbon.smallFonts | ||
</vmArgsMac> | ||
</launcherArgs> | ||
|
||
<plugins> | ||
<plugin id="example.plugin"/> | ||
<plugin id="org.eclipse.core.databinding"/> | ||
<plugin id="org.eclipse.core.databinding.beans"/> | ||
<plugin id="org.eclipse.core.databinding.observable"/> | ||
<plugin id="org.eclipse.core.databinding.property"/> | ||
<plugin id="org.eclipse.equinox.common"/> | ||
<plugin id="org.eclipse.osgi"/> | ||
</plugins> | ||
|
||
<features> | ||
<feature id="example.feature" installMode="root"/> | ||
</features> | ||
|
||
|
||
</product> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<site> | ||
<feature id="example.feature"/> | ||
<bundle id="example.plugin"/> | ||
</site> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> | ||
<?pde version="3.8"?> | ||
<target name="target-definition"> | ||
<locations> | ||
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="planner" includeSource="true" type="InstallableUnit"> | ||
<repository location="https://download.eclipse.org/releases/2023-12/"/> | ||
<unit id="org.eclipse.sdk.feature.group" version="0.0.0"/> | ||
<unit id="org.eclipse.equinox.sdk.feature.group" version="0.0.0"/> | ||
</location> | ||
</locations> | ||
</target> |
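--- a/tycho-its/src/test/java/org/eclipse/tycho/test/reactor/SBOMCreationTest.java
+++ b/tycho-its/src/test/java/org/eclipse/tycho/test/reactor/SBOMCreationTest.java
@@ -0,0 +1,159 @@
+/*******************************************************************************
+* Copyright (c) 2024 Patrick Ziegler and others.
+* This program and the accompanying materials
+* are made available under the terms of the Eclipse Public License 2.0
+* which accompanies this distribution, and is available at
+* https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Contributors:
+* Patrick Ziegler - initial API and implementation
+*******************************************************************************/
+package org.eclipse.tycho.test.reactor;
+
+import static org.junit.Assert.fail;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.io.File;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+import java.util.function.Predicate;
+
+import org.apache.maven.it.Verifier;
+import org.cyclonedx.exception.ParseException;
+import org.cyclonedx.model.Bom;
+import org.cyclonedx.model.Dependency;
+import org.cyclonedx.parsers.Parser;
+import org.cyclonedx.parsers.XmlParser;
+import org.eclipse.tycho.test.AbstractTychoIntegrationTest;
+import org.junit.Before;
+import org.junit.Test;
+
+public class SBOMCreationTest extends AbstractTychoIntegrationTest {
+
+private Verifier verifier;
+
+@Before
+public void setUp() throws Exception {
+verifier = getVerifier("sbom", false);
+}
+
+@Test
+public void testBuildVerify() throws Exception {
+verifier.executeGoal("verify");
+verifyErrorFreeLog(verifier);
+verifyBundle("example.plugin");
+verifyFeature("example.feature");
+verifyRepository("repository");
+verifyProduct("product");
+}
+
+private void verifyBundle(String projectName) throws Exception {
+String bomPath = getBomPath(projectName);
+verifier.verifyFilePresent(bomPath);
+
+Bom bom = getBom(bomPath);
+List<Dependency> dependencies = bom.getDependencies();
+assertPluginDependencies(dependencies);
+assertEquals(dependencies.size(), 7);
+}
+
+private void verifyFeature(String projectName) throws Exception {
+String bomPath = getBomPath(projectName);
+verifier.verifyFilePresent(bomPath);
+
+Bom bom = getBom(bomPath);
+List<Dependency> dependencies = bom.getDependencies();
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=org.eclipse.update.feature&location=https://www.example.p2.repo/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://www.example.p2.repo/");
+assertPluginDependencies(dependencies);
+assertEquals(dependencies.size(), 8);
+}
+
+private void verifyRepository(String projectName) throws Exception {
+String bomPath = getBomPath(projectName);
+verifier.verifyFilePresent(bomPath);
+
+Bom bom = getBom(bomPath);
+List<Dependency> dependencies = bom.getDependencies();
+assertDependency(dependencies,
+"pkg:maven/tycho-demo/[email protected]?type=eclipse-repository");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=org.eclipse.update.feature&location=https://www.example.p2.repo/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://www.example.p2.repo/");
+assertPluginDependencies(dependencies);
+assertEquals(dependencies.size(), 9);
+
+}
+
+private void verifyProduct(String projectName) throws Exception {
+String bomPath = getBomPath(projectName);
+verifier.verifyFilePresent(bomPath);
+
+Bom bom = getBom(bomPath);
+List<Dependency> dependencies = bom.getDependencies();
+assertDependency(dependencies, //
+"pkg:maven/tycho-demo/[email protected]?type=eclipse-repository");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=org.eclipse.update.feature&location=https://www.example.p2.repo/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://www.example.p2.repo/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/org.eclipse.equinox.launcher.gtk.linux.x86_64@1.2.800.v20231003-1442?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=org.eclipse.update.feature&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:maven/p2.p2.installable.unit/org.eclipse.equinox.executable_root.gtk.linux.x86_64@3.8.2300.v20231106-1826?type=p2-installable-unit");
+assertPluginDependencies(dependencies);
+assertEquals(dependencies.size(), 13);
+}
+
+/**
+* Tycho dependencies are flat. Therefore all artifacts depending on the test
+* plugin also depend on its required bundles.
+*
+* @param dependencies A list of all BOM dependencies of the current artifact.
+*/
+private void assertPluginDependencies(List<Dependency> dependencies) {
+// Tycho dependencies are flat
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+assertDependency(dependencies,
+"pkg:p2/[email protected]?classifier=osgi.bundle&location=https://download.eclipse.org/releases/2023-12/");
+}
+
+private void assertDependency(List<Dependency> dependencies, String ref) {
+Predicate<Dependency> matcher = dependency -> URLDecoder.decode(dependency.getRef(), StandardCharsets.UTF_8)
+.equals(ref);
+if (dependencies.stream().noneMatch(matcher)) {
+fail("No dependency found matching: " + ref);
+}
+}
+
+private String getBomPath(String projectName) {
+return projectName + "/target/bom.xml";
+}
+
+private Bom getBom(String bomPath) throws ParseException {
+Parser parser = new XmlParser();
+File bom = new File(verifier.getBasedir(), bomPath);
+return parser.parse(bom);
+}
+}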
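Review bot: Every size check in the verify* methods passes the actual value first, e.g. `assertEquals(dependencies.size(), 7);` in verifyBundle. JUnit's signature is (expected, actual), so a failure would report the two numbers the wrong way round. Write `assertEquals(7, dependencies.size());` and do the same for the 8, 9 and 13 checks in verifyFeature, verifyRepository and verifyProduct. The file also mixes JUnit 4 (`org.junit.Assert.fail`, `@Before`, `@Test`) with Jupiter's `Assertions.assertEquals`; importing `org.junit.Assert.assertEquals` instead keeps the test on one framework. These exact-count assertions are what would catch an unexpected extra or missing component in the generated SBOM, so a readable failure message matters here.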
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
eclipse.preferences.version=1 | ||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=17 | ||
org.eclipse.jdt.core.compiler.compliance=17 | ||
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled | ||
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning | ||
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore | ||
org.eclipse.jdt.core.compiler.release=disabled | ||
org.eclipse.jdt.core.compiler.source=17 |