Add SBOM generation to release script

CMakeLists.txt

@@ -268,8 +268,12 @@ endif()
 include(SBOM)
 
 if (WIN32)
+  option(WITH_SBOM "Enable generation of BSOM when using MSYS2/MinGW" OFF)
   file(WRITE "${EXTERNAL_SBOM_FILE}" "")
-  file(APPEND "${EXTERNAL_SBOM_FILE}" "semver,v0.3.1,MIT,Semantic Versioning for modern C++,https://github.com/Neargye/semver\n") # from unfold
+  if (WITH_SBOM)
+    set (HAVE_SBOM ON)
+    file(APPEND "${EXTERNAL_SBOM_FILE}" "semver,v0.3.1,MIT,Semantic Versioning for modern C++,https://github.com/Neargye/semver\n") # from unfold
+  endif()
 endif()
 
 #----------------------------------------------------------------------------------------------------

tools/ci/build.sh

@@ -155,6 +155,12 @@ fi
 baseFilename=workrave-${baseFilenamePostfix}
 mkdir -p ${DEPLOY_DIR}
 
+if [ -n "$CONF_SBOM" ]; then
+    echo "Generating SBOM"
+    source ${SCRIPTS_DIR}/local/sbom.sh
+    sbom
+fi
+
 # Source tarball
 if [ -n "${CONF_SOURCE_TARBALL}" ]; then
     git -C ${SOURCES_DIR} archive --prefix=${baseFilenamePostfix}/ HEAD | xz >${DEPLOY_DIR}/${baseFilename}.tar.xz

tools/local/release-windows.sh

@@ -77,6 +77,7 @@ build() {
     export CONF_CONFIGURATION=Release
     export WORKRAVE_JOB_INDEX=1
     export CONF_SOURCE_TARBALL=1
+    export CONF_SBOM=${DOSBOM}
     export CONF_ENABLE="TESTS,AUTO_UPDATE"
     $SCRIPTS_DIR/ci/build.sh
 
@@ -164,6 +165,7 @@ parse_arguments() {
 
     export CHANNEL=stable
     export SCRIPTS_DIR=${WORKSPACE}/source/tools/
+    export DOSBOM=
     export DODEBUG=
     export DRYRUN=
     export WORKRAVE_OVERRIDE_GIT_VERSION=
@@ -174,8 +176,11 @@ parse_arguments() {
     export ARTIFACT_ENV=
     export GITHUB_NOUPLOAD=
 
-    while getopts "c:C:D:dr:R:S:st:TW:" o; do
+    while getopts "Bc:C:D:dr:R:S:st:TW:" o; do
         case "${o}" in
+        B)
+            DOSBOM=1
+            ;;
         c)
             CHANNEL="${OPTARG}"
             ;;

tools/local/sbom.sh

@@ -1,15 +1,18 @@
 #!/bin/bash
 
-WORKSPACE_DIR=$(pwd)
-BUILD_DIR=${WORKSPACE_DIR}/_build
-DEPLOY_DIR=${WORKSPACE_DIR}/_deploy
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  WORKSPACE_DIR=$(pwd)
+  BUILD_DIR=${WORKSPACE_DIR}/_build
+  DEPLOY_DIR=${WORKSPACE_DIR}/_deploy
+fi
 
 INSTALLERS_FILE="$BUILD_DIR/installers.txt"
 RUNTIME_INSTALLERS_FILE="$BUILD_DIR/runtime_installers.txt"
 RUNTIME32_INSTALLERS_FILE="$BUILD_DIR/.32/runtime32_installers.txt"
 MSYS_INSTALLERS_FILE="$BUILD_DIR/msys_installers.txt"
 MSYS_PACKAGES_FILE="$BUILD_DIR/msys_packages.txt"
-SBOM_FILE="$BUILD_DIR/sbom.csv"
+EXTERNAL_SBOM_FILE="$BUILD_DIR/external-sbom.csv"
+SBOM_FILE="$DEPLOY_DIR/sbom.csv"
 
 >${MSYS_INSTALLERS_FILE}
 
@@ -171,7 +174,8 @@ sbom_create_sbom() {
     echo "$package_name,$package_version,$license,$description,$url" >> $SBOM_FILE
 
   done < "$MSYS_PACKAGES_FILE"
-  cat $BUILD_DIR/external-sbom.csv >> $SBOM_FILE
+
+  cat $EXTERNAL_SBOM_FILE >> $SBOM_FILE
   echo "SBOM generated: $SBOM_FILE"
 }
 
@@ -185,4 +189,6 @@ sbom() {
   sbom_create_sbom
 }
 
-sbom
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  sbom
+fi

ui/app/toolkits/gtkmm/dist/windows/PrepareInnoSetup.cmake

@@ -25,6 +25,11 @@ foreach(file ${FILES32BIT})
 endforeach()
 
 if (HAVE_CRASHPAD)
-file(APPEND ${LIBS_ISS} "\n; Crashpad\n")
+  file(APPEND ${LIBS_ISS} "\n; Crashpad\n")
   file(APPEND ${LIBS_ISS} "Source: \"${INSTALL_WIN_PATH}\\${BINDIR}\\WorkraveCrashHandler.exe\"; DestDir: \"{app}\\${BINDIR}\"; DestName: \"WorkraveCrashHandler.exe\"; Flags: ignoreversion;\n")
 endif()
+
+if (HAVE_CRASHPAD)
+  file(APPEND ${LIBS_ISS} "\n; SBOM\n")
+  file(APPEND ${LIBS_ISS} "Source: \"${INSTALL_WIN_PATH}\\sbom.csv\"; DestDir: \"{app}\"; Flags: ignoreversion;\n")
+endif()