Generate software bill of materials as part of the package builds. #3702

pgadmin-org · Aug 3, 2023 · 48bfc66 · 48bfc66
1 parent 1a7a23d
commit 48bfc66
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 1 deletion.
diff --git a/Make.bat b/Make.bat
@@ -27,6 +27,7 @@ CALL :CREATE_VIRTUAL_ENV || EXIT /B 1
 CALL :CREATE_PYTHON_ENV || EXIT /B 1
 CALL :CREATE_RUNTIME_ENV || EXIT /B 1
 CALL :CREATE_INSTALLER || EXIT /B 1
+CALL :GENERATE_SBOM || EXIT /B 1
 CALL :SIGN_INSTALLER || EXIT /B 1
 
 EXIT /B %ERRORLEVEL%
@@ -355,6 +356,9 @@ REM Main build sequence Ends
     CD %WD%
     EXIT /B 0
 
+:GENERATE_SBOM
+    ECHO Generating SBOM...
+    syft "%DISTROOT%\" -o cyclonedx-json > "%DISTROOT%\cyclonedx.json"
 
 :SIGN_INSTALLER
     ECHO Attempting to sign the installer...

diff --git a/docs/en_US/release_notes_7_6.rst b/docs/en_US/release_notes_7_6.rst
@@ -33,6 +33,7 @@ Housekeeping
 ************
 
   | `Issue #6588 <https://github.com/pgadmin-org/pgadmin4/issues/6588>`_ -  Added support for PostgreSQL and EPAS 16 to ensure it works without any errors.
+  | `Issue #3702 <https://github.com/pgadmin-org/pgadmin4/issues/3702>`_ -  Generate software bill of materials as part of the package builds.
 
 Bug fixes
 *********

diff --git a/pkg/debian/build.sh b/pkg/debian/build.sh
@@ -22,6 +22,7 @@ _create_python_virtualenv "debian"
 _build_runtime
 _build_docs "debian"
 _copy_code
+_generate_sbom
 
 #
 # Server package

diff --git a/pkg/linux/build-functions.sh b/pkg/linux/build-functions.sh
@@ -244,3 +244,11 @@ _copy_code() {
     rm python3 && ln -s "${PYTHON_INTERPRETER}" python3
 }
 
+
+_generate_sbom() {
+   echo "Generating SBOMs..."
+   # Note that we don't generate an SBOM for the Meta package as it doesn't contain any files.
+   syft "${SERVERROOT}/" -o cyclonedx-json > "${SERVERROOT}/usr/${APP_NAME}/sbom-server.json"
+   syft "${DESKTOPROOT}/" -o cyclonedx-json > "${DESKTOPROOT}/usr/${APP_NAME}/sbom-desktop.json"
+   syft "${WEBROOT}/" -o cyclonedx-json > "${WEBROOT}/usr/${APP_NAME}/sbom-web.json"
+}
diff --git a/pkg/mac/build-functions.sh b/pkg/mac/build-functions.sh
@@ -320,6 +320,11 @@ _complete_bundle() {
     chmod -R og-w "${BUNDLE_DIR}"
 }
 
+_generate_sbom() {
+   echo "Generating SBOM..."
+   syft "${BUNDLE_DIR}/Contents/" -o cyclonedx-json > "${BUNDLE_DIR}/Contents/cyclonedx.json"
+}
+
 _codesign_binaries() {
     if [ "${CODESIGN}" -eq 0 ]; then
         return
@@ -485,4 +490,4 @@ _notarize_pkg() {
     fi
 
     echo "Notarization completed successfully."
-}
+}
diff --git a/pkg/mac/build.sh b/pkg/mac/build.sh
@@ -66,6 +66,7 @@ _build_runtime
 _create_python_env
 _build_docs
 _complete_bundle
+_generate_sbom
 _codesign_binaries
 _codesign_bundle
 _create_dmg

diff --git a/pkg/redhat/build.sh b/pkg/redhat/build.sh
@@ -26,6 +26,7 @@ _create_python_virtualenv "redhat"
 _build_runtime
 _build_docs "redhat"
 _copy_code
+_generate_sbom
 
 # Get an RPM-compatible version number
 RPM_VERSION=${APP_RELEASE}.${APP_REVISION}