Commit 96ecdf58 authored by Pierre Smeyers

Merge branch 'msteiger1-master-patch-33b2' into 'master'

feat: make SBOM plugin URL configurable

See merge request to-be-continuous/gradle!52
parents 95d025ec 67e5440a
+1 −0
@@ -270,6 +270,7 @@ It is bound to the `test` stage, and uses the following variables:
| --------------------- | -------------------------------------- | ----------------- |
| `sbom-disabled` / `GRADLE_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `sbom-version` / `GRADLE_SBOM_VERSION` | Version of the `cyclonedx-gradle-plugin` used for SBOM analysis<br/>_When unset, the latest version will be used_ | _none_ |
| `maven-plugin-url` / `GRADLE_MAVEN_PLUGIN_URL` | Maven Repository that is used to download the `cyclonedx-gradle-plugin`. No trailing slash. | https://plugins.gradle.org/m2 |

This job injects cyclonedx plugin in your project. This can be disabled by defining the plugin in your `build.gradle` and setting  `$GRADLE_SBOM_VERSION` variable to `disabled`.

+5 −0
@@ -106,6 +106,11 @@
        {
          "name": "GRADLE_SBOM_VERSION",
          "description": "Version of the `cyclonedx-gradle-plugin` used for SBOM analysis.\n\n_When unset, the latest version will be used_"
        },
        {
          "name": "GRADLE_MAVEN_PLUGIN_URL",
          "description": "Maven Repository that is used to download the `cyclonedx-gradle-plugin`. No trailing slash.",
          "default": "https://plugins.gradle.org/m2"
        }
      ]
    },
+7 −2
@@ -70,6 +70,10 @@ spec:

        _When unset, the latest version will be used_
      default: ''
    maven-plugin-url:
      description: |-
        Maven Repository that is used to download the `cyclonedx-gradle-plugin`. No trailing slash.
      default: 'https://plugins.gradle.org/m2'
    no-publish:
      description: Disable Publish (snapshot & release)
      type: boolean
@@ -149,6 +153,7 @@ variables:
  GRADLE_NO_DEPENDENCY_CHECK: $[[ inputs.no-dependency-check ]]
  GRADLE_SBOM_DISABLED: $[[ inputs.sbom-disabled ]]
  GRADLE_SBOM_VERSION: $[[ inputs.sbom-version ]]
  GRADLE_MAVEN_PLUGIN_URL: $[[ inputs.maven-plugin-url ]]
  GRADLE_NO_PUBLISH: $[[ inputs.no-publish ]]
  GRADLE_PUBLISH_VERSION: $[[ inputs.publish-version ]]

@@ -511,7 +516,7 @@ gradle-sbom:
        log_info "Using CycloneDX plugin from external configuration (version \\e[32m${GRADLE_SBOM_VERSION:-latest}\\e[0m)..."
        if [[ "${GRADLE_SBOM_VERSION:-latest}" == "latest" ]]
        then
          GRADLE_SBOM_VERSION=$(curl -sSf https://plugins.gradle.org/m2/org/cyclonedx/bom/org.cyclonedx.bom.gradle.plugin/maven-metadata.xml | awk 'match($0,"<latest>[^<]*</latest>") {print substr($0,RSTART+8,RLENGTH-17)}')
          GRADLE_SBOM_VERSION=$(curl -sSf "${GRADLE_MAVEN_PLUGIN_URL}/org/cyclonedx/bom/org.cyclonedx.bom.gradle.plugin/maven-metadata.xml" | awk 'match($0,"<latest>[^<]*</latest>") {print substr($0,RSTART+8,RLENGTH-17)}')
          log_info "... use CycloneDX latest version: \\e[32m$GRADLE_SBOM_VERSION\\e[0m"
        fi
        GRADLE_SBOM_OPTS="-I cyclonedx.init.gradle ${GRADLE_SBOM_OPTS}"
@@ -520,7 +525,7 @@ gradle-sbom:
        buildscript {
            repositories {
                maven {
                    url "https://plugins.gradle.org/m2/"
                    url "${GRADLE_MAVEN_PLUGIN_URL}/"
                }
            }
            dependencies {
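Review bot: `GRADLE_MAVEN_PLUGIN_URL` reaches both the `curl` metadata lookup and the `maven { url ... }` line of the generated init script in `gradle-sbom` without any check, yet the repository it names supplies a plugin that is resolved in the `buildscript` block and so provides code that runs inside the job. I would normalise and constrain it once before the `latest` lookup, e.g. `GRADLE_MAVEN_PLUGIN_URL="${GRADLE_MAVEN_PLUGIN_URL%/}"` followed by `[[ "$GRADLE_MAVEN_PLUGIN_URL" == https://* ]] || { echo "GRADLE_MAVEN_PLUGIN_URL must be an https:// URL" >&2; exit 1; }`, which also enforces the documented "No trailing slash" instead of leaving it to the reader. The value appears to be expanded by the shell into the Groovy text (the heredoc opening is outside the hunk), so a quote or `$` in it would alter the generated script. The `maven-plugin-url` description should also say that the repository is trusted to deliver build-time code; the script block starts and ends outside these hunks.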