MBT Support SBom Generation (SAP#1046)

* modified:   cmd/cmd.go
	modified:   cmd/cmd_test.go
	modified:   cmd/init.go
	modified:   cmd/init_test.go
	new file:   cmd/sbom.go
	new file:   cmd/sbom_test.go
	modified:   configs/builder_type_cfg.yaml
	modified:   internal/archive/fsops.go
	modified:   internal/archive/mta_location.go
	modified:   internal/artifacts/artifacts_msg.go
	modified:   internal/artifacts/project.go
	modified:   internal/artifacts/project_test.go
	new file:   internal/artifacts/sbom.go
	new file:   internal/artifacts/sbom_test.go
	modified:   internal/commands/commands.go
	modified:   internal/commands/commands_msg.go
	modified:   internal/platform/model.go
	modified:   internal/tpl/base_args.txt
	modified:   internal/tpl/base_post.txt

* modified:   internal/artifacts/sbom_test.go
	modified:   internal/commands/builder_type_cfg.go
	modified:   internal/tpl/base_args.go
	modified:   internal/tpl/base_post.go

* modified:   internal/artifacts/sbom_test.go

* modified:   cmd/cmd.go
	modified:   cmd/init_test.go
	modified:   cmd/sbom.go
	modified:   cmd/sbom_test.go
	modified:   internal/artifacts/project.go
	modified:   internal/artifacts/sbom.go
	modified:   internal/artifacts/sbom_test.go
	modified:   internal/tpl/base_post.go
	modified:   internal/tpl/base_post.txt

* modified:   cmd/init_test.go
	modified:   cmd/sbom_test.go
	modified:   internal/artifacts/sbom.go
	modified:   internal/artifacts/sbom_test.go

* modified:   cmd/init.go
	modified:   cmd/init_test.go
	modified:   cmd/sbom.go
	modified:   cmd/sbom_test.go
	modified:   internal/artifacts/sbom.go
	modified:   internal/artifacts/sbom_test.go
	modified:   internal/commands/commands.go

* modified:   internal/artifacts/artifacts_msg.go
	modified:   internal/artifacts/sbom.go
	modified:   internal/commands/commands.go

* new file:   cmd/testdata/mta-sbom/golang/go.mod
	new file:   cmd/testdata/mta-sbom/golang/go.sum
	new file:   cmd/testdata/mta-sbom/golang/handlers/assets.go
	new file:   cmd/testdata/mta-sbom/golang/handlers/env.go
	new file:   cmd/testdata/mta-sbom/golang/handlers/exit.go
	new file:   cmd/testdata/mta-sbom/golang/handlers/handlers.go
	new file:   cmd/testdata/mta-sbom/golang/handlers/hello.go
	new file:   cmd/testdata/mta-sbom/golang/handlers/index.go
	new file:   cmd/testdata/mta-sbom/golang/handlers/port.go
	new file:   cmd/testdata/mta-sbom/golang/helpers/fetch_index.go
	new file:   cmd/testdata/mta-sbom/golang/main.go
	new file:   cmd/testdata/mta-sbom/golang/routes/routes.go
	new file:   cmd/testdata/mta-sbom/java/package-lock.json
	new file:   cmd/testdata/mta-sbom/java/pom.xml
	new file:   cmd/testdata/mta-sbom/java/src/main/java/com/sap/mta/example/Backend.java
	new file:   cmd/testdata/mta-sbom/java/src/main/webapp/WEB-INF/web.xml
	new file:   cmd/testdata/mta-sbom/mta.yaml
	new file:   cmd/testdata/mta-sbom/nodejs/node-js/gulpfile.js
	new file:   cmd/testdata/mta-sbom/nodejs/node-js/package.json
	new file:   cmd/testdata/mta-sbom/nodejs/node-js/server.js
	new file:   cmd/testdata/mta-sbom/nodejs/package-lock.json
	new file:   cmd/testdata/mta-sbom/nodejs/package.json
	modified:   internal/artifacts/artifacts_msg.go
	modified:   internal/artifacts/sbom.go
	modified:   internal/commands/commands.go
	modified:   internal/commands/commands_msg.go

* modified:   cmd/init.go

* modified:   internal/artifacts/project.go
	modified:   internal/artifacts/project_test.go
	deleted:    internal/artifacts/testdata/mtahtml5/.mtahtml5_mta_build_tmp/xs-security.json
	modified:   internal/commands/commands.go
	modified:   internal/tpl/base_args.go
	modified:   internal/tpl/base_args.txt

* modified:   .circleci/config.yml
	modified:   Dockerfile_mbtci_template
	modified:   Makefile
	modified:   cmd/cmd_test.go
	modified:   cmd/init_test.go
	modified:   cmd/sbom_test.go
	modified:   internal/artifacts/sbom.go
	modified:   internal/artifacts/sbom_test.go

* modified:   .circleci/config.yml
	modified:   Dockerfile_mbtci_template
	modified:   Makefile
	modified:   cmd/testdata/mta-sbom/golang/go.mod
	modified:   internal/commands/commands.go

* modified:   Makefile
	modified:   internal/artifacts/artifacts_msg.go
	modified:   internal/artifacts/sbom.go

* modified:   internal/commands/commands.go

* modified:   Makefile
	modified:   cmd/sbom_test.go
	modified:   internal/artifacts/sbom.go
	modified:   internal/artifacts/sbom_test.go

* modified:   internal/commands/commands.go

* modified:   cmd/testdata/mta-sbom/mta.yaml

* modified:   .circleci/config.yml
	modified:   Dockerfile_mbtci_template
	modified:   Makefile
	modified:   internal/commands/commands.go

* modified:   cmd/init_test.go
	modified:   integration/cloud_mta_build_tool_test.go

* modified:   Dockerfile_mbtci_template
	modified:   internal/commands/builder_type_cfg.go

* modified:   .circleci/config.yml
	modified:   Dockerfile_mbtci_template

* modified:   .circleci/config.yml
	modified:   Dockerfile_mbtci_template
	modified:   Makefile
	modified:   internal/commands/commands.go

* modified:   Dockerfile_mbtci_template

* modified:   Dockerfile_mbtci_template

* new file:   docs/docs/sbom-tools.md

* modified:   docs/docs/sbom-tools.md

* modified:   docs/docs/sbom-tools.md

* modified:   cmd/cmd.go
	modified:   cmd/init.go
	modified:   cmd/sbom.go

* modified:   docs/docs/usage.md

* modified:   docs/docs/usage.md

* modified:   docs/docs/whatsnew.md

* modified:   docs/docs/configuration.md

* modified:   docs/docs/whatsnew.md

* modified:   docs/docs/configuration.md
	modified:   docs/docs/whatsnew.md

* modified:   docs/docs/configuration.md

* modified:   docs/docs/configuration.md

* modified:   docs/docs/configuration.md

* modified:   docs/docs/configuration.md
	modified:   docs/docs/sbom-tools.md
	modified:   docs/docs/usage.md
	modified:   docs/docs/whatsnew.md

* modified:   docs/docs/configuration.md
	modified:   docs/docs/whatsnew.md

* modified:   docs/docs/whatsnew.md

---------

Co-authored-by: Young Yang <young.yang03@sap.com>

.circleci/config.yml

@@ -105,7 +105,55 @@ jobs:
           name: install dependencies
           command: |
             go mod vendor
-      - run: sudo chown circleci:circleci $GOPATH/bin
+      - run:
+          name: install node16 npm and npx
+          command: |
+            sudo apt-get update
+            curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
+            sudo apt-get install -y nodejs
+            echo "node version:"
+            node --version
+            echo "npm version:"
+            npm --version
+            echo "npx version:"
+            npx --version
+      - run:
+          name: install cyclonedx-cli
+          command: |
+            CYCLONEDX_CLI_VERSION=0.24.2
+            CYCLONEDX_BINARY_NAME=cyclonedx
+            CYCLONEDX_ARCH=x64
+            CYCLONEDX_OS=linux
+            curl -fsSLO --compressed "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${CYCLONEDX_CLI_VERSION}/${CYCLONEDX_BINARY_NAME}-${CYCLONEDX_OS}-${CYCLONEDX_ARCH}"
+            chmod ug+rwx ${CYCLONEDX_BINARY_NAME}-${CYCLONEDX_OS}-${CYCLONEDX_ARCH}
+            cp ${CYCLONEDX_BINARY_NAME}-${CYCLONEDX_OS}-${CYCLONEDX_ARCH} ${GOPATH}/bin/${CYCLONEDX_BINARY_NAME}
+            echo "cyclonedx-cli --version:"
+            ${CYCLONEDX_BINARY_NAME} --version
+      - run:
+          name: install cyclonedx-gomod
+          command: |
+            echo "cyclonedx-gomod version"
+            go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
+            cyclonedx-gomod version
+      - run:
+          name: install cyclonedx-bom
+          command: |
+            CYCLONEDX_BOM_PACKAGE=cyclonedx-bom
+            CYCLONEDX_BOM_VERSION=0.0.9
+            CYCLONEDX_BOM_BINARY=cyclonedx-bom
+            npm install ${CYCLONEDX_BOM_PACKAGE}@${CYCLONEDX_BOM_VERSION} --no-save
+            echo "${CYCLONEDX_BOM_BINARY} -h"
+            npx ${CYCLONEDX_BOM_BINARY} -h
+      - run:
+          name: build mbt binary
+          command: |
+            BINARY_NAME=mbt
+            BUILD_DIR=release
+            CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ${BUILD_DIR}/${BINARY_NAME} -v
+            chmod ug+rwx ${BUILD_DIR}/${BINARY_NAME}
+            cp ${BUILD_DIR}/${BINARY_NAME} ${GOPATH}/bin/${BINARY_NAME}
+            ${BINARY_NAME} --version
+      - run: sudo chown circleci:circleci ${GOPATH}/bin
       - run: make tools
       - run: make lint
       - run:
@@ -793,22 +841,22 @@ workflows:
               only: /release/
             branches:
               ignore: /.*/
-      # - release-to-github:
-      #     requires:
-      #       - test
-      #     filters:
-      #       tags:
-      #         only: /release/
-      #       branches:
-      #         ignore: /.*/
-      - publish-to-npm:
+      - release-to-github:
           requires:
             - test
           filters:
             tags:
               only: /release/
             branches:
               ignore: /.*/
+      - publish-to-npm:
+          requires:
+            - release-to-github
+          filters:
+            tags:
+              only: /release/
+            branches:
+              ignore: /.*/
       - publish-to-dockerhub-java8-node14:
           requires:
             - publish-to-npm