Workaround for generating a SBOM manifest at the root level of the Nuget Package #656

Merged
1 change: 1 addition & 0 deletions src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.csproj
Expand Up @@ -60,6 +60,7 @@
by convention, the .NET SDK will look for build\<Package Id>.props and build\<Package Id>.targets
for automatic inclusion in the build. -->
<Content Include="Microsoft.Sbom.Targets.targets" PackagePath="\build" />
<Content Include="Microsoft.Sbom.Targets.targets" PackagePath="\buildMultiTargeting" />
</ItemGroup>

<ItemGroup>
43 changes: 19 additions & 24 deletions src/Microsoft.Sbom.Targets/Microsoft.Sbom.Targets.targets
Expand Up @@ -20,20 +20,12 @@
<ManifestFolderName>_manifest</ManifestFolderName>
<SbomSpecification>spdx_2.2</SbomSpecification>
</PropertyGroup>

<!-- Copy the SBOM files to each respective target framework folder within the .nupkg -->
<PropertyGroup>
<TargetsForTfmSpecificContentInPackage>
$(TargetsForTfmSpecificContentInPackage);CopySbomOutput
</TargetsForTfmSpecificContentInPackage>
</PropertyGroup>

<!--Based on the MSBuild runtime, GenerateSbom will either pull the GenerateSbomTask or SbomCLIToolTask logic-->
<UsingTask TaskName="Microsoft.Sbom.Targets.GenerateSbom" AssemblyFile="$(AssemblyFilePath)" />

<PropertyGroup>
<GenerateSBOM Condition=" '$(GenerateSBOM)' == '' ">false</GenerateSBOM>
<SbomGenerationBuildDropPath Condition=" '$(SbomGenerationBuildDropPath)' == '' ">$(OutDir)</SbomGenerationBuildDropPath>
<SbomGenerationBuildComponentPath Condition=" '$(SbomGenerationBuildComponentPath)' == '' ">$(MSBuildProjectDirectory)</SbomGenerationBuildComponentPath>
<SbomGenerationPackageSupplier Condition=" '$(SbomGenerationPackageSupplier)' == '' And $(Authors) != '' ">$(Authors)</SbomGenerationPackageSupplier>
<SbomGenerationPackageSupplier Condition=" '$(SbomGenerationPackageSupplier)' == '' And $(Authors) == '' ">$(AssemblyName)</SbomGenerationPackageSupplier>
Expand All @@ -49,10 +41,24 @@
<SbomGenerationDeleteManifestDirIfPresent Condition=" '$(SbomGenerationDeleteManifestDirIfPresent)' == '' ">true</SbomGenerationDeleteManifestDirIfPresent>
</PropertyGroup>

<Target Name="GenerateSbomTarget" AfterTargets="Build" Condition=" '$(GenerateSBOM)' == 'true'">
<!-- After the Nuget Package is generated, we will unzip, scan, generate the SBOM and zip again. -->
<Target Name="GenerateSbomTarget" AfterTargets="Pack" Condition=" '$(GenerateSBOM)' == 'true'" >
<Error Condition="'$(BuildOutputTargetFolder)' == ''" Text="The GenerationSbomTarget requires the BuildOutputTargetFolder property to be non-null. Please set a folder name."/>

<!-- Unzip Nuget package, so it can be scanned by the SBOM Task. -->
<PropertyGroup>
<NugetPackage>
$(PackageOutputPath)\$(PackageId).$(PackageVersion).nupkg
</NugetPackage>
<NugetPackageUnzip>
$(PackageOutputPath)\$(PackageId).$(PackageVersion).nupkg.unzip
</NugetPackageUnzip>
</PropertyGroup>
<Unzip DestinationFolder="$(NugetPackageUnzip)" SourceFiles="$(NugetPackage)" OverwriteReadOnlyFiles="true" />

<!-- Call the SBOM Task to generate a SBOM. -->
<GenerateSbom
BuildDropPath="$(SbomGenerationBuildDropPath)"
BuildDropPath="$(NugetPackageUnzip)"
BuildComponentPath="$(SbomGenerationBuildComponentPath)"
PackageSupplier="$(SbomGenerationPackageSupplier)"
PackageName="$(SbomGenerationPackageName)"
Expand All @@ -70,20 +76,9 @@
<Output TaskParameter="SbomPath" PropertyName="SbomPathResult" />
</GenerateSbom>
<Message Importance="High" Text="Task result: $(SbomPathResult)" />
</Target>

<!-- Specify the SBOM files to copy into the nuget package -->
<Target Name="CopySbomOutput" DependsOnTargets="GenerateSbomTarget">
<PropertyGroup>
<!--When building frameworks such as net8.0-windows, the platform version is appended to the framework in the NuGet package-->
<TargetFrameworkWithPlatformVersion Condition="$(TargetPlatformVersion) != ''">$(TargetFramework)$(TargetPlatformVersion)</TargetFrameworkWithPlatformVersion>
<TargetFrameworkWithPlatformVersion Condition="$(TargetPlatformVersion) == ''">$(TargetFramework)</TargetFrameworkWithPlatformVersion>
</PropertyGroup>
<ItemGroup>
<!--Add manifest and SHA file from the GenerateSbom target execution-->
<TfmSpecificPackageFile Include="$([System.IO.Path]::Combine($(SbomPathResult),$(SbomSpecification)))\**">
<PackagePath>$([System.IO.Path]::Combine($(BuildOutputTargetFolder),$(TargetFrameworkWithPlatformVersion),$(ManifestFolderName),$(SbomSpecification)))</PackagePath>
</TfmSpecificPackageFile>
</ItemGroup>
<!-- Zip the Nuget package back up and delete the temporary unzipped package. -->
<ZipDirectory SourceDirectory="$(NugetPackageUnzip)" DestinationFile="$(NugetPackage)" Overwrite="true" />
gustavoaca1997 marked this conversation as resolved.
<RemoveDir Directories="$(NugetPackageUnzip)" />
</Target>
</Project>
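Review bot: The temporary `$(NugetPackageUnzip)` folder is only deleted by the RemoveDir at the very end of GenerateSbomTarget, so if the GenerateSbom call (or the Error at the top of the target) fails the folder stays next to the .nupkg, and on the next run Unzip merely overwrites into it — any stale entries from the previous package layout would then be re-zipped by ZipDirectory into the new .nupkg and recorded in the SBOM as package contents. Add `<RemoveDir Directories="$(NugetPackageUnzip)" />` immediately before the Unzip step so the scan always starts from the freshly packed archive, and guard the input with `<Error Condition="!Exists('$(NugetPackage)')" Text="Package '$(NugetPackage)' was not found; cannot generate SBOM." />`, since NuGet may normalize the version in the produced file name and `$(PackageId).$(PackageVersion).nupkg` is not guaranteed to match it. The BuildOutputTargetFolder check on the first line of the target no longer protects anything on the new side (its only consumer, CopySbomOutput, is removed in this change), so either drop it or reword the message to say why it is still required. Writing NugetPackage and NugetPackageUnzip as single-line property values would also avoid passing surrounding newline/indent whitespace to BuildDropPath in case MSBuild does not trim multi-line property text.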