From 62456aba283cc5685e352b2990b485e72e5110cb Mon Sep 17 00:00:00 2001 From: Daniel Mikusa Date: Mon, 31 Jan 2022 17:11:06 -0500 Subject: [PATCH] Generate label-based BOM for all API versions Starting with lifecycle 0.13.3, it is permitted to have both the old style label-based BOM information and the new style layer-based BOM information. If the buildpack API is 0.6 or older, label-based BOMs only is OK. If the buildpack API is 0.7, you may have both label-based BOM and layer-based BOM or just layer-based BOM. It is permitted to have just label-based BOM, however, that will generate a warning from the lifecycle. The libpak library was adjusted to support this. This change updates to remove unnecessary if checks, no longer pass the API and updates tests to pass. Signed-off-by: Daniel Mikusa --- go.mod | 4 ++-- go.sum | 33 +++++++++++++-------------------- sbt/build.go | 7 ++----- sbt/build_test.go | 7 +++++-- 4 files changed, 22 insertions(+), 29 deletions(-) diff --git a/go.mod b/go.mod index 35707ae..3694211 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.15 require ( github.com/buildpacks/libcnb v1.25.5 github.com/onsi/gomega v1.18.1 - github.com/paketo-buildpacks/libbs v1.11.0 - github.com/paketo-buildpacks/libpak v1.57.1 + github.com/paketo-buildpacks/libbs v1.12.0 + github.com/paketo-buildpacks/libpak v1.58.0 github.com/sclevine/spec v1.4.0 ) diff --git a/go.sum b/go.sum index 03df6c8..926888a 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,7 @@ -github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/buildpacks/libcnb v1.25.2/go.mod h1:XX0+zHW8CNLNwiiwowgydAgWWfyDt8Lj1NcuWtkkBJQ= -github.com/buildpacks/libcnb v1.25.4/go.mod h1:XX0+zHW8CNLNwiiwowgydAgWWfyDt8Lj1NcuWtkkBJQ= github.com/buildpacks/libcnb v1.25.5 h1:D8UoXv39+0jkG4M+u/pfxYjLWZMOQv1TH6dZDRFpVsg= github.com/buildpacks/libcnb v1.25.5/go.mod h1:KUVN17jE9c+iLqz8FHwfYyCEossLkKEbz1ixPYqwFNI= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -42,15 +39,13 @@ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.11 h1:nQ+aFkoE2TMGc0b68U2OKSexC+eq46+XwZzWXHRmPYs= -github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/miekg/dns v1.1.45/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= +github.com/miekg/dns v1.1.46/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4= github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= @@ -64,17 +59,16 @@ github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= -github.com/paketo-buildpacks/libbs v1.11.0 h1:yHYHV9TcH9xJ07dIOaJynGPZpCWo/CHE9fSNO6wkJlM= -github.com/paketo-buildpacks/libbs v1.11.0/go.mod h1:oOaSLuNfcFlbxT5pJZcggBcLLgVR/PJTxLuJBwiunTs= -github.com/paketo-buildpacks/libjvm v1.34.0 h1:VLxEDWnCUgeqlvbO7DOVNCHKbCCAA8pVdTxt7FEqe7k= -github.com/paketo-buildpacks/libjvm v1.34.0/go.mod h1:RmaTffz3a7tut2mfK6K8BVBdbswmTuxi5Lkpi9jYjK0= -github.com/paketo-buildpacks/libpak v1.57.1 h1:Rqq25boRl95WWW10Au8/krEQqZyU8KT4AZocTQxCwBA= -github.com/paketo-buildpacks/libpak v1.57.1/go.mod h1:RqGprj975LOMoH00DjbHcOabU7fOpyVVtOTI+3jhWrU= -github.com/pavel-v-chernykh/keystore-go/v4 v4.2.0 h1:SeA1Gyj3Uxl0vuNFYxN5RaIZ2AMPfCvW4HB2Ki0bYT8= -github.com/pavel-v-chernykh/keystore-go/v4 v4.2.0/go.mod h1:VxOBKEAW8/EJjil9qwfvVDSljDW0DCoZMD4ezsq9n8U= +github.com/paketo-buildpacks/libbs v1.12.0 h1:xlgS+URnb63RMVfarYFdd+2lMpcD84enIXT+/2zOzpw= +github.com/paketo-buildpacks/libbs v1.12.0/go.mod h1:0ny1fFnKX2I12ibXtDLvLtP+wHuOfY2sv+7rghq7QY4= +github.com/paketo-buildpacks/libjvm v1.35.0 h1:sWIt5sSTDYsh3gwKGKdlLjpvZQDzdemWLTqNcEQUiRM= +github.com/paketo-buildpacks/libjvm v1.35.0/go.mod h1:pPfaz2cjwWKfUDrC1oYYNp1jNKm9a+gEVmUNH2vU0h0= +github.com/paketo-buildpacks/libpak v1.58.0 h1:tId115h3SZn8IY8DQxRF36PwhMob4G9TVkWWDTD9MKY= +github.com/paketo-buildpacks/libpak v1.58.0/go.mod h1:qxRaH+WrJYWEb4FZqYkMR9mdyNEsrNOq7bE7O4dXH1k= +github.com/pavel-v-chernykh/keystore-go/v4 v4.3.0 h1:TVckDDIKzWo9/cPdsvyikdmnnKIPeWgnGoekhQM5zBc= +github.com/pavel-v-chernykh/keystore-go/v4 v4.3.0/go.mod h1:VxOBKEAW8/EJjil9qwfvVDSljDW0DCoZMD4ezsq9n8U= github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -126,10 +120,9 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220207234003-57398862261d h1:Bm7BNOQt2Qv7ZqysjeLjgCBanX+88Z/OtdvsrEv1Djc= +golang.org/x/sys v0.0.0-20220207234003-57398862261d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= diff --git a/sbt/build.go b/sbt/build.go index 1cae837..ba25be6 100644 --- a/sbt/build.go +++ b/sbt/build.go @@ -38,7 +38,7 @@ type Build struct { type ApplicationFactory interface { NewApplication(additionalMetadata map[string]interface{}, arguments []string, artifactResolver libbs.ArtifactResolver, - cache libbs.Cache, command string, bom *libcnb.BOM, applicationPath string, sbomScanner sbom.SBOMScanner, buildpackAPI string) (libbs.Application, error) + cache libbs.Cache, command string, bom *libcnb.BOM, applicationPath string, sbomScanner sbom.SBOMScanner) (libbs.Application, error) } func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) { @@ -71,9 +71,7 @@ func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) { d, be := NewDistribution(dep, dc) d.Logger = b.Logger result.Layers = append(result.Layers, d) - if be.Name != "" { - result.BOM.Entries = append(result.BOM.Entries, be) - } + result.BOM.Entries = append(result.BOM.Entries, be) command = filepath.Join(context.Layers.Path, d.Name(), "bin", "sbt") } else if err != nil { @@ -116,7 +114,6 @@ func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) { result.BOM, context.Application.Path, sbomScanner, - context.Buildpack.API, ) if err != nil { return libcnb.BuildResult{}, fmt.Errorf("unable to create application layer\n%w", err) diff --git a/sbt/build_test.go b/sbt/build_test.go index 2942107..ae8b4dc 100644 --- a/sbt/build_test.go +++ b/sbt/build_test.go @@ -94,8 +94,12 @@ func testBuild(t *testing.T, context spec.G, it spec.S) { Expect(result.Layers[2].Name()).To(Equal("application")) Expect(result.Layers[2].(libbs.Application).Command).To(Equal(filepath.Join(ctx.Layers.Path, "sbt", "bin", "sbt"))) - Expect(result.BOM.Entries).To(HaveLen(0)) + Expect(result.BOM.Entries).To(HaveLen(1)) + Expect(result.BOM.Entries[0].Name).To(Equal("sbt")) + Expect(result.BOM.Entries[0].Build).To(BeTrue()) + Expect(result.BOM.Entries[0].Launch).To(BeFalse()) }) + it("contributes distribution for API <=0.6", func() { ctx.Buildpack.Metadata = map[string]interface{}{ "dependencies": []map[string]interface{}{ @@ -136,7 +140,6 @@ func (f *FakeApplicationFactory) NewApplication( _ *libcnb.BOM, _ string, _ sbom.SBOMScanner, - _ string, ) (libbs.Application, error) { return libbs.Application{ Command: command,