oci-copy: rework SBOM generation, support SPDX #1816
Conversation
|
Uses my build of the sbom-utility-image for now. konflux-ci/build-tasks-dockerfiles#226 will need to be merged first. @ralphbean would you be able to test this? |
chmeliik
force-pushed
the
oci-copy-spdx
branch
from
5e0e711 to
0d6f54d
Compare
chmeliik
force-pushed
the
oci-copy-spdx
branch
from
0d6f54d to
9e9e4ac
Compare
Use scripts from https://github.com/konflux-ci/build-tasks-dockerfiles instead of the previous bash script. Signed-off-by: Adam Cmiel <[email protected]>
Add SBOM_TYPE param to allow choosing the SBOM format to generate. Defaults to cyclonedx for now. Signed-off-by: Adam Cmiel <[email protected]>
chmeliik
force-pushed
the
oci-copy-spdx
branch
from
9e9e4ac to
9f2b33b
Compare
|
Rebased on main, updated to released sbom-utility-scripts image |
|
Re-tested in ralphbean/merlinite-poc#17, still works |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
Failing on the EC pipeline
Which has happened at least twice now, but I was too late to see the logs and Tekton Results doesn't have the PipelineRun either 😞 |
|
/retest |
|
e2e-tests seem to be failing on this check, somehow https://github.com/konflux-ci/e2e-tests/blob/a0231e68fa09297514a239bbeb287a3e7d3811f8/tests/build/build_templates.go#L664. I'm fairly certain that's unrelated to the changes here, the oci-copy task doesn't have e2e tests anyway. |
|
Force-merging to avoid e2e-tests blocking the SPDX progress |
Depends on konflux-ci/build-tasks-dockerfiles#226