From 3ca6fc3a8aa525a2e038833d7051bc773c67120c Mon Sep 17 00:00:00 2001 From: Joel Rudsberg Date: Mon, 3 Mar 2025 11:00:17 +0100 Subject: [PATCH] SBOM: Ensure 'java-version' is persisted to post-run phase --- __tests__/sbom.test.ts | 5 +++++ dist/cleanup/index.js | 29 +++++++++++++++-------------- dist/main/index.js | 29 +++++++++++++++-------------- src/features/sbom.ts | 30 +++++++++++++++--------------- 4 files changed, 50 insertions(+), 43 deletions(-) diff --git a/__tests__/sbom.test.ts b/__tests__/sbom.test.ts index 8612747..684a6a1 100644 --- a/__tests__/sbom.test.ts +++ b/__tests__/sbom.test.ts @@ -145,6 +145,7 @@ describe('sbom feature', () => { writeFileSync(sbomPath, JSON.stringify(sbom, null, 2)) mockFindSBOM([sbomPath]) + jest.spyOn(core, 'getState').mockReturnValue(javaVersion) await processSBOM() } @@ -190,6 +191,10 @@ describe('sbom feature', () => { ] } + it('should throw an error if setUpSBOMSupport was not called before processSBOM', async () => { + await expect(processSBOM()).rejects.toThrow('setUpSBOMSupport must be called before processSBOM') + }) + it('should process SBOM and display components', async () => { await setUpAndProcessSBOM(sampleSBOM) diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js index 66da8d8..03a4117 100644 --- a/dist/cleanup/index.js +++ b/dist/cleanup/index.js 
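Review bot: The `mockReturnValue(javaVersion)` stub added to the helper answers every `core.getState` call with the version, whatever key is requested, so the tests never exercise the `saveState`/`getState` pairing this commit introduces. A mismatch between the key written in `setUpSBOMSupport` and the key read in `processSBOM` would still pass. Consider also spying on `core.saveState` and asserting `expect(saveStateSpy).toHaveBeenCalledWith('javaVersionKey', javaVersion)`, or backing both spies with a small in-memory map. The helper's body starts above this hunk, so how `javaVersion` is chosen is not visible here.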
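Review bot: The new 'should throw an error if setUpSBOMSupport was not called' test depends on two preconditions the hunk does not set up: the SBOM feature being enabled (otherwise `processSBOM` returns before the state check) and `core.getState` returning an empty string. If the `getState` spy installed by the helper in the earlier hunk is not restored between tests, which depends on Jest configuration or an `afterEach` outside this hunk, the outcome becomes order-dependent. Pinning it inside the test with `jest.spyOn(core, 'getState').mockReturnValue('')` would make the precondition explicit.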
@@ -78738,36 +78738,37 @@ const utils_1 = __nccwpck_require__(1798); const INPUT_NI_SBOM = 'native-image-enable-sbom'; const SBOM_FILE_SUFFIX = '.sbom.json'; const MIN_JAVA_VERSION = '24.0.0'; -let javaVersionOrLatestEA = null; -function setUpSBOMSupport(javaVersionOrDev, distribution) { +const javaVersionKey = 'javaVersionKey'; +function setUpSBOMSupport(javaVersion, distribution) { if (!isFeatureEnabled()) { return; } - validateJavaVersionAndDistribution(javaVersionOrDev, distribution); - javaVersionOrLatestEA = javaVersionOrDev; - (0, utils_1.setNativeImageOption)(javaVersionOrLatestEA, '--enable-sbom=export'); + validateJavaVersionAndDistribution(javaVersion, distribution); + core.saveState(javaVersionKey, javaVersion); + (0, utils_1.setNativeImageOption)(javaVersion, '--enable-sbom=export'); core.info('Enabled SBOM generation for Native Image build'); } -function validateJavaVersionAndDistribution(javaVersionOrDev, distribution) { +function validateJavaVersionAndDistribution(javaVersion, distribution) { if (distribution !== c.DISTRIBUTION_GRAALVM) { throw new Error(`The '${INPUT_NI_SBOM}' option is only supported for Oracle GraalVM (distribution '${c.DISTRIBUTION_GRAALVM}'), but found distribution '${distribution}'.`); } - if (javaVersionOrDev === 'dev') { + if (javaVersion === 'dev') { throw new Error(`The '${INPUT_NI_SBOM}' option is not supported for java-version 'dev'.`); } - if (javaVersionOrDev === 'latest-ea') { + if (javaVersion === 'latest-ea') { return; } - const coercedJavaVersion = semver.coerce(javaVersionOrDev); + const coercedJavaVersion = semver.coerce(javaVersion); if (!coercedJavaVersion || semver.gt(MIN_JAVA_VERSION, coercedJavaVersion)) { - throw new Error(`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersionOrDev}'.`); + throw new Error(`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version 
'${javaVersion}'.`); } } async function processSBOM() { if (!isFeatureEnabled()) { return; } - if (javaVersionOrLatestEA === null) { + const javaVersion = core.getState(javaVersionKey); + if (!javaVersion) { throw new Error('setUpSBOMSupport must be called before processSBOM'); } const sbomPath = await findSBOMFilePath(); @@ -78776,7 +78777,7 @@ async function processSBOM() { const sbomData = parseSBOM(sbomContent); const components = mapToComponentsWithDependencies(sbomData); printSBOMContent(components); - const snapshot = convertSBOMToSnapshot(sbomPath, components); + const snapshot = convertSBOMToSnapshot(javaVersion, sbomPath, components); await submitDependencySnapshot(snapshot); } catch (error) { @@ -78833,7 +78834,7 @@ function printSBOMContent(components) { } core.info('=================='); } -function convertSBOMToSnapshot(sbomPath, components) { +function convertSBOMToSnapshot(javaVersion, sbomPath, components) { const context = github.context; const sbomFileName = (0, path_1.basename)(sbomPath); if (!sbomFileName.endsWith(SBOM_FILE_SUFFIX)) { @@ -78850,7 +78851,7 @@ function convertSBOMToSnapshot(sbomPath, components) { }, detector: { name: 'Oracle GraalVM', - version: javaVersionOrLatestEA ?? '', + version: javaVersion, url: 'https://www.graalvm.org/' }, scanned: new Date().toISOString(), diff --git a/dist/main/index.js b/dist/main/index.js index e5218fe..f34454d 100644 --- a/dist/main/index.js +++ b/dist/main/index.js 
@@ -78852,36 +78852,37 @@ const utils_1 = __nccwpck_require__(1798); const INPUT_NI_SBOM = 'native-image-enable-sbom'; const SBOM_FILE_SUFFIX = '.sbom.json'; const MIN_JAVA_VERSION = '24.0.0'; -let javaVersionOrLatestEA = null; -function setUpSBOMSupport(javaVersionOrDev, distribution) { +const javaVersionKey = 'javaVersionKey'; +function setUpSBOMSupport(javaVersion, distribution) { if (!isFeatureEnabled()) { return; } - validateJavaVersionAndDistribution(javaVersionOrDev, distribution); - javaVersionOrLatestEA = javaVersionOrDev; - (0, utils_1.setNativeImageOption)(javaVersionOrLatestEA, '--enable-sbom=export'); + validateJavaVersionAndDistribution(javaVersion, distribution); + core.saveState(javaVersionKey, javaVersion); + (0, utils_1.setNativeImageOption)(javaVersion, '--enable-sbom=export'); core.info('Enabled SBOM generation for Native Image build'); } -function validateJavaVersionAndDistribution(javaVersionOrDev, distribution) { +function validateJavaVersionAndDistribution(javaVersion, distribution) { if (distribution !== c.DISTRIBUTION_GRAALVM) { throw new Error(`The '${INPUT_NI_SBOM}' option is only supported for Oracle GraalVM (distribution '${c.DISTRIBUTION_GRAALVM}'), but found distribution '${distribution}'.`); } - if (javaVersionOrDev === 'dev') { + if (javaVersion === 'dev') { throw new Error(`The '${INPUT_NI_SBOM}' option is not supported for java-version 'dev'.`); } - if (javaVersionOrDev === 'latest-ea') { + if (javaVersion === 'latest-ea') { return; } - const coercedJavaVersion = semver.coerce(javaVersionOrDev); + const coercedJavaVersion = semver.coerce(javaVersion); if (!coercedJavaVersion || semver.gt(MIN_JAVA_VERSION, coercedJavaVersion)) { - throw new Error(`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersionOrDev}'.`); + throw new Error(`The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version 
'${javaVersion}'.`); } } async function processSBOM() { if (!isFeatureEnabled()) { return; } - if (javaVersionOrLatestEA === null) { + const javaVersion = core.getState(javaVersionKey); + if (!javaVersion) { throw new Error('setUpSBOMSupport must be called before processSBOM'); } const sbomPath = await findSBOMFilePath(); @@ -78890,7 +78891,7 @@ async function processSBOM() { const sbomData = parseSBOM(sbomContent); const components = mapToComponentsWithDependencies(sbomData); printSBOMContent(components); - const snapshot = convertSBOMToSnapshot(sbomPath, components); + const snapshot = convertSBOMToSnapshot(javaVersion, sbomPath, components); await submitDependencySnapshot(snapshot); } catch (error) { @@ -78947,7 +78948,7 @@ function printSBOMContent(components) { } core.info('=================='); } -function convertSBOMToSnapshot(sbomPath, components) { +function convertSBOMToSnapshot(javaVersion, sbomPath, components) { const context = github.context; const sbomFileName = (0, path_1.basename)(sbomPath); if (!sbomFileName.endsWith(SBOM_FILE_SUFFIX)) { @@ -78964,7 +78965,7 @@ function convertSBOMToSnapshot(sbomPath, components) { }, detector: { name: 'Oracle GraalVM', - version: javaVersionOrLatestEA ?? '', + version: javaVersion, url: 'https://www.graalvm.org/' }, scanned: new Date().toISOString(), diff --git a/src/features/sbom.ts b/src/features/sbom.ts index c25cacf..2d8da93 100644 --- a/src/features/sbom.ts +++ b/src/features/sbom.ts @@ -10,8 +10,7 @@ import { setNativeImageOption } from '../utils' const INPUT_NI_SBOM = 'native-image-enable-sbom' const SBOM_FILE_SUFFIX = '.sbom.json' const MIN_JAVA_VERSION = '24.0.0' - -let javaVersionOrLatestEA: string | null = null +const javaVersionKey = 'javaVersionKey' interface SBOM { components: Component[] 
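Review bot: `javaVersionKey` breaks the naming used by the three constants directly above it (`INPUT_NI_SBOM`, `SBOM_FILE_SUFFIX`, `MIN_JAVA_VERSION`), and its value `'javaVersionKey'` is a generic name in a state namespace shared by the whole action. Something like `const STATE_JAVA_VERSION = 'sbomJavaVersion'` would match the file's convention and make a collision with another feature's saved state less likely; whether other state keys exist is not visible in this diff. A one-line comment saying the key carries the validated java-version from the main step to the post-run step would help as well.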
@@ -67,36 +66,36 @@ interface DependencySnapshot { > } -export function setUpSBOMSupport(javaVersionOrDev: string, distribution: string): void { +export function setUpSBOMSupport(javaVersion: string, distribution: string): void { if (!isFeatureEnabled()) { return } - validateJavaVersionAndDistribution(javaVersionOrDev, distribution) - javaVersionOrLatestEA = javaVersionOrDev - setNativeImageOption(javaVersionOrLatestEA, '--enable-sbom=export') + validateJavaVersionAndDistribution(javaVersion, distribution) + core.saveState(javaVersionKey, javaVersion) + setNativeImageOption(javaVersion, '--enable-sbom=export') core.info('Enabled SBOM generation for Native Image build') } -function validateJavaVersionAndDistribution(javaVersionOrDev: string, distribution: string): void { +function validateJavaVersionAndDistribution(javaVersion: string, distribution: string): void { if (distribution !== c.DISTRIBUTION_GRAALVM) { throw new Error( `The '${INPUT_NI_SBOM}' option is only supported for Oracle GraalVM (distribution '${c.DISTRIBUTION_GRAALVM}'), but found distribution '${distribution}'.` ) } - if (javaVersionOrDev === 'dev') { + if (javaVersion === 'dev') { throw new Error(`The '${INPUT_NI_SBOM}' option is not supported for java-version 'dev'.`) } - if (javaVersionOrDev === 'latest-ea') { + if (javaVersion === 'latest-ea') { return } - const coercedJavaVersion = semver.coerce(javaVersionOrDev) + const coercedJavaVersion = semver.coerce(javaVersion) if (!coercedJavaVersion || semver.gt(MIN_JAVA_VERSION, coercedJavaVersion)) { throw new Error( - `The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersionOrDev}'.` + `The '${INPUT_NI_SBOM}' option is only supported for GraalVM for JDK ${MIN_JAVA_VERSION} or later, but found java-version '${javaVersion}'.` ) } } 
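Review bot: `setUpSBOMSupport` now has a side effect that another process relies on, because `core.saveState(javaVersionKey, javaVersion)` is what lets the post-run step find the version, but nothing on the function documents that contract. A TSDoc line such as `/** Validates the inputs, enables '--enable-sbom=export', and saves java-version to action state for processSBOM in the post-run phase. */` would make it clear that the call cannot be dropped or reordered casually. It may also be worth calling `saveState` after `setNativeImageOption`, so the state is only present when the build was actually configured for SBOM export; whether `setNativeImageOption` can throw is not visible here.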
@@ -106,7 +105,8 @@ export async function processSBOM(): Promise { return } - if (javaVersionOrLatestEA === null) { + const javaVersion = core.getState(javaVersionKey) + if (!javaVersion) { throw new Error('setUpSBOMSupport must be called before processSBOM') } @@ -116,7 +116,7 @@ export async function processSBOM(): Promise { const sbomData = parseSBOM(sbomContent) const components = mapToComponentsWithDependencies(sbomData) printSBOMContent(components) - const snapshot = convertSBOMToSnapshot(sbomPath, components) + const snapshot = convertSBOMToSnapshot(javaVersion, sbomPath, components) await submitDependencySnapshot(snapshot) } catch (error) { throw new Error( @@ -184,7 +184,7 @@ function printSBOMContent(components: Component[]): void { core.info('==================') } -function convertSBOMToSnapshot(sbomPath: string, components: Component[]): DependencySnapshot { +function convertSBOMToSnapshot(javaVersion: string, sbomPath: string, components: Component[]): DependencySnapshot { const context = github.context const sbomFileName = basename(sbomPath) @@ -203,7 +203,7 @@ function convertSBOMToSnapshot(sbomPath: string, components: Component[]): Depen }, detector: { name: 'Oracle GraalVM', - version: javaVersionOrLatestEA ?? '', + version: javaVersion, url: 'https://www.graalvm.org/' }, scanned: new Date().toISOString(),
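Review bot: After this change the `!javaVersion` branch in `processSBOM` is reached whenever no state was saved, which in the post-run process most likely means the main step stopped before `core.saveState` (for example because validation threw), not that a caller forgot `setUpSBOMSupport`. The message 'setUpSBOMSupport must be called before processSBOM' then points at a programming error and adds a second, misleading failure to the log. Keeping the failure but naming the cause would be clearer, e.g. `throw new Error("No saved java-version state found: SBOM setup did not complete in the main step")`; the new test's expected message would need to change with it. Whether the post step runs after a failed main step depends on the action's metadata, which is not part of this diff.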