From a5f767832a8e7a4832249576318820481beb6069 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker
Date: Thu, 23 Nov 2023 17:40:25 -0300
Subject: [PATCH] SBOM improvements (#4430)

refs https://github.com/orgs/goreleaser/discussions/4425
---
 internal/pipe/sbom/sbom.go | 9 ++++++++-
 internal/pipe/sbom/sbom_test.go | 27 ++++++++++++++++++++-------
 www/docs/customization/sbom.md | 4 ++--
 3 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/internal/pipe/sbom/sbom.go b/internal/pipe/sbom/sbom.go
index b0493751d1e..8e713e3a9fb 100644
--- a/internal/pipe/sbom/sbom.go
+++ b/internal/pipe/sbom/sbom.go
@@ -72,7 +72,7 @@ func setConfigDefaults(cfg *config.SBOM) error {
 }
 if cfg.Cmd == "syft" {
 if len(cfg.Args) == 0 {
- cfg.Args = []string{"$artifact", "--file", "$document", "--output", "spdx-json"}
+ cfg.Args = []string{"$artifact", "--output", "spdx-json=$document"}
 }
 if len(cfg.Env) == 0 && (cfg.Artifacts == "source" || cfg.Artifacts == "archive") {
 cfg.Env = []string{
@@ -131,6 +131,9 @@ func catalogTask(ctx *context.Context, cfg config.SBOM) func() error {
 filters = append(filters, artifact.ByIDs(cfg.IDs...))
 }
 artifacts := ctx.Artifacts.Filter(artifact.And(filters...)).List()
+ if len(artifacts) == 0 {
+ log.Warn("no artifacts matching current filters")
+ }
 return catalog(ctx, cfg, artifacts)
 }
 }
@@ -240,6 +243,10 @@ func catalogArtifact(ctx *context.Context, cfg config.SBOM, a *artifact.Artifact
 }
 }
 
+ if len(artifacts) == 0 {
+ return nil, fmt.Errorf("cataloging artifacts: command did not write any files, check your configuration")
+ }
+
 return artifacts, nil
 }

diff --git a/internal/pipe/sbom/sbom_test.go b/internal/pipe/sbom/sbom_test.go
index 60643857bee..a2f4d2b328d 100644
--- a/internal/pipe/sbom/sbom_test.go
+++ b/internal/pipe/sbom/sbom_test.go 
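Review bot: The new default `"spdx-json=$document"` in setConfigDefaults joins format and output path with `=`, while the example that this same patch puts into www/docs/customization/sbom.md uses `"cyclonedx-json:$document"` with `:`. If the syft version users have installed accepts only one of the two separators, copying the documented example lands them straight in the new "command did not write any files" error with no hint why; either align the example on `=` or document the accepted spellings next to the default, e.g. `// syft takes "<format>=<path>"; this replaces the older "--file <path>" form`. setConfigDefaults starts outside the hunk.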
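Review bot: The warning added after the artifact filter in catalogTask carries no context about which `sboms` entry matched nothing, so a project with several entries cannot tell which `ids` filter is wrong. Attach the filter to the log entry, e.g. `log.WithField("ids", cfg.IDs).Warn("no artifacts matching current filters")`, assuming the logger used here exposes `WithField` as elsewhere in goreleaser; otherwise fold the IDs into the message with `log.Warnf`. The enclosing closure and catalogTask itself start outside the hunk.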
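Review bot: The empty-result check added at the end of catalogArtifact formats a constant message through `fmt.Errorf` with no verbs; either switch to `errors.New`, or, more usefully, name the command so the misconfiguration is diagnosable: `return nil, fmt.Errorf("cataloging artifacts: %s did not write any files, check your configuration", cfg.Cmd)`. Note that the new "catalog wrong command" test case in sbom_test.go pins the exact message, so that expectation would change with it. A one-line comment above the check saying what "files" refers to — presumably the `$document` paths the command was expected to produce, if that is what the loop preceding this hunk verifies — would also help, since both that loop and the start of catalogArtifact are outside the hunk.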
@@ -24,7 +24,7 @@ func TestDescription(t *testing.T) {
 }

 func TestSBOMCatalogDefault(t *testing.T) {
- defaultArgs := []string{"$artifact", "--file", "$document", "--output", "spdx-json"}
+ defaultArgs := []string{"$artifact", "--output", "spdx-json=$document"}
 defaultSboms := []string{
 "{{ .ArtifactName }}.sbom",
 }
@@ -307,10 +307,8 @@ func TestSBOMCatalogArtifacts(t *testing.T) {
 {
 Artifacts: "any",
 Args: []string{
- "--file",
- "$document0",
 "--output",
- "spdx-json",
+ "spdx-json=$document0",
 "artifact5.tar.gz",
 },
 Documents: []string{
@@ -377,10 +375,8 @@ func TestSBOMCatalogArtifacts(t *testing.T) {
 {
 Artifacts: "binary",
 Args: []string{
- "--file",
- "$document",
 "--output",
- "spdx-json",
+ "spdx-json=$document",
 "$artifact",
 },
 Documents: []string{
@@ -413,6 +409,23 @@ func TestSBOMCatalogArtifacts(t *testing.T) {
 }),
 expectedErrMsg: "cataloging artifacts: false failed: exit status 1: ",
 },
+ {
+ desc: "catalog wrong command",
+ ctx: testctx.NewWithCfg(config.Project{
+ SBOMs: []config.SBOM{
+ {Args: []string{"$artifact", "--file", "$sbom", "--output", "spdx-json"}},
+ },
+ }),
+ expectedErrMsg: "cataloging artifacts: command did not write any files, check your configuration",
+ },
+ {
+ desc: "no matches",
+ ctx: testctx.NewWithCfg(config.Project{
+ SBOMs: []config.SBOM{
+ {IDs: []string{"nopenopenope"}},
+ },
+ }),
+ },
 }

 for _, test := range tests {
diff --git a/www/docs/customization/sbom.md b/www/docs/customization/sbom.md
index 09971c22e6c..36741edbda9 100644
--- a/www/docs/customization/sbom.md
+++ b/www/docs/customization/sbom.md 
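Review bot: The "catalog wrong command" case in TestSBOMCatalogArtifacts sets no `Cmd`, so it runs the default syft binary with the old `--file` flag and an unsubstituted `$sbom` argument; its outcome therefore depends on which syft version is on the test host and on syft still tolerating that flag, and syft may leave a stray file literally named `$sbom` in the working directory. If the runner loop that follows (outside this hunk) does not already skip when syft is absent, guard it with something like `testlib.CheckPath(t, "syft")`, or give the case an explicit `Cmd` that deterministically exits without writing so the new error path is tested without the external tool. The "no matches" case only asserts that no error is returned; also asserting that no SBOM artifacts were added to the context would make the warn-and-continue behaviour of catalogTask explicit.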
@@ -63,9 +63,9 @@ sboms:

 # Command line arguments for the command
 #
- # Default: ["$artifact", "--file", "$document", "--output", "spdx-json"]
+ # Default: ["$artifact", "--output", "spdx-json=$document"]
 # Templates: allowed
- args: ["$artifact", "--file", "$sbom", "--output", "spdx-json"]
+ args: ["$artifact", "--output", "cyclonedx-json:$document"]

 # List of environment variables that will be passed to the SBOM command as
 # well as the templates.