add sbom field to buildpack.toml (Buildpack API 0.7) #248

Merged
merged 4 commits into from
Nov 29, 2021


robdimsdale
Member

Signed-off-by: Rob Dimsdale-Zucker rdimsdale@vmware.com

Summary

As part of implementing the RFC for Syft/CycloneDX we need to add a field to the buildpack.toml as described in the upstream RFC.

Use Cases

Checklist

  • I have viewed, signed, and submitted the Contributor License Agreement.
  • I have linked issue(s) that this PR should close using keywords or the Github UI (See docs)
  • I have added an integration test, if necessary.
  • I have reviewed the styleguide for guidance on my code quality.
  • I'm happy with the commit history on this PR (I have rebased/squashed as needed).

Signed-off-by: Rob Dimsdale-Zucker <rdimsdale@vmware.com>
@robdimsdale robdimsdale requested a review from a team as a code owner November 11, 2021 20:42
@ryanmoran ryanmoran added this to the Buildpack API 0.7 milestone Nov 15, 2021
@fg-j fg-j changed the title add sbom field to buildpack.toml add sbom field to buildpack.toml (Buildpack API 0.7) Nov 15, 2021
Signed-off-by: Rob Dimsdale-Zucker <rdimsdale@vmware.com>
@fg-j

fg-j commented Nov 18, 2021

@paketo-buildpacks/tooling-maintainers As you can see, there were 2 representations of the buildpack.toml that needed to change. I don't love that we have two structs inside of packit representing ostensibly the same thing. Can anyone shed light on why we have two? I know that some of the things in cargo aren't spec'd (e.g. dependency constraints); but I'm wondering if we can de-duplicate the representation of fields like buildpack.licenses and buildpack.sbom.

@fg-j

fg-j commented Nov 18, 2021

Per this update in the CNB slack the field will need to be renamed.

@robdimsdale
Member Author

Per this update in the CNB slack the field will need to be renamed.

Done.

@sophiewigmore
Member

We were holding back on the release of this PR until buildpack API 0.7 became available. It is available now, so I think we can merge this in unless @ForestEckhardt or @ryanmoran have any other concerns.

@fg-j

fg-j commented Nov 29, 2021

@paketo-buildpacks/tooling-maintainers – minor version bump?

@ForestEckhardt
Contributor

@paketo-buildpacks/tooling-maintainers – minor version bump?

I don't have strong opinions; minor sounds right to me.

@fg-j fg-j added the semver:minor A change requiring a minor version bump label Nov 29, 2021
@fg-j fg-j merged commit c3b38c6 into paketo-buildpacks:main Nov 29, 2021
@robdimsdale robdimsdale deleted the sbom branch December 6, 2021 17:52
5 participants