From 9ae9cb629bcbb6b632b47a895c555661b86fba61 Mon Sep 17 00:00:00 2001
From: dervoeti
Date: Mon, 21 Jul 2025 22:14:45 +0200
Subject: [PATCH] feat: SBOMs for opensearch
---
 opensearch/Dockerfile | 5 ++-
 opensearch/security-plugin/Dockerfile | 1 +
 .../3.1.0.0/0001-Add-CycloneDX-plugin.patch | 38 +++++++++++++++++++
 .../3.1.0/0002-Add-CycloneDX-plugin.patch | 38 +++++++++++++++++++
 4 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 opensearch/security-plugin/stackable/patches/3.1.0.0/0001-Add-CycloneDX-plugin.patch
 create mode 100644 opensearch/stackable/patches/3.1.0/0002-Add-CycloneDX-plugin.patch
diff --git a/opensearch/Dockerfile b/opensearch/Dockerfile
index 77bb7f1b6..f91c5289e 100644
--- a/opensearch/Dockerfile
+++ b/opensearch/Dockerfile
@@ -11,7 +11,6 @@ WORKDIR /stackable COPY --chown=${STACKABLE_USER_UID}:0 opensearch/stackable/patches/patchable.toml /stackable/src/opensearch/stackable/patches/patchable.toml COPY --chown=${STACKABLE_USER_UID}:0 opensearch/stackable/patches/${PRODUCT} /stackable/src/opensearch/stackable/patches/${PRODUCT} -COPY --chown=${STACKABLE_USER_UID}:0 --from=opensearch-security-plugin /stackable/src/opensearch/security-plugin/patchable-work/worktree/${OPENSEARCH_SECURITY_PLUGIN}/build/distributions/opensearch-security-${OPENSEARCH_SECURITY_PLUGIN}-SNAPSHOT.zip /stackable/opensearch-security-plugin/opensearch-security-${OPENSEARCH_SECURITY_PLUGIN}-SNAPSHOT.zip RUN < +Date: Tue, 22 Jul 2025 09:52:55 +0200 +Subject: Add CycloneDX plugin + +--- + build.gradle | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/build.gradle b/build.gradle +index bb2e65ab..314bb7be 100644 +--- a/build.gradle ++++ b/build.gradle +@@ -71,6 +71,7 @@ plugins { + id 'eclipse' + id "com.github.spotbugs" version "6.2.0" + id "com.google.osdetector" version "1.7.3" ++ id "org.cyclonedx.bom" version "2.3.1" + } + + allprojects { +@@ -87,6 +88,16 @@ apply from: 'gradle/formatting.gradle' + licenseFile = rootProject.file('LICENSE.txt') + noticeFile = rootProject.file('NOTICE.txt') + ++cyclonedxBom { ++ includeConfigs = ["runtimeClasspath"] ++ includeLicenseText = false ++ skipConfigs = ["compileClasspath", "testCompileClasspath"] ++ projectType = "application" ++ schemaVersion = "1.6" ++ outputFormat = "json" ++ componentVersion = opensearch_build ++} ++ + spotbugs { + includeFilter = file('spotbugs-include.xml') + } diff --git a/opensearch/stackable/patches/3.1.0/0002-Add-CycloneDX-plugin.patch b/opensearch/stackable/patches/3.1.0/0002-Add-CycloneDX-plugin.patch new file mode 100644 index 000000000..5948e0492 --- /dev/null +++ b/opensearch/stackable/patches/3.1.0/0002-Add-CycloneDX-plugin.patch 
@@ -0,0 +1,38 @@
+From b216d37795bbf81a5ebad73101d8081a8f93068c Mon Sep 17 00:00:00 2001
+From: dervoeti
+Date: Mon, 21 Jul 2025 12:45:43 +0200
+Subject: Add CycloneDX plugin
+
+---
+ build.gradle | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/build.gradle b/build.gradle
+index e7988cb852f..4c2f2374a99 100644
+--- a/build.gradle
++++ b/build.gradle
+@@ -58,6 +58,7 @@ plugins {
+ id "org.gradle.test-retry" version "1.6.2" apply false
+ id "test-report-aggregation"
+ id 'jacoco-report-aggregation'
++ id 'org.cyclonedx.bom' version '1.8.2'
+ }
+
+ apply from: 'gradle/build-complete.gradle'
+@@ -77,6 +78,16 @@ allprojects {
+ description = "OpenSearch subproject ${project.path}"
+ }
+
++cyclonedxBom {
++ includeConfigs = ["runtimeClasspath"]
++ includeLicenseText = false
++ skipConfigs = ["compileClasspath", "testCompileClasspath"]
++ projectType = "application"
++ schemaVersion = "1.6"
++ outputFormat = "json"
++ componentVersion = VersionProperties.getOpenSearch()
++}
++
+ configure(allprojects - project(':distribution:archives:integ-test-zip')) {
+ project.pluginManager.withPlugin('nebula.maven-base-publish') {
+ if (project.pluginManager.hasPlugin('opensearch.build') == false) {
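Review bot: The plugin pin `id 'org.cyclonedx.bom' version '1.8.2'` in this patch differs from the `2.3.1` pin in the 3.1.0.0 security-plugin patch, yet both `cyclonedxBom` blocks request `schemaVersion = "1.6"`. It is worth confirming that the 1.8.2 release really emits spec 1.6 rather than falling back to its own default; if it falls back, the core and security-plugin SBOMs shipped in the same image would be at different spec versions with no build error to flag it. If the older pin is forced by the Gradle or Java toolchain of this tree, a comment above the plugin line such as `// pinned to 1.8.2: <reason>` would keep the next bump from guessing. Separately, a Gradle plugin runs with full build privileges, so the new coordinate should be covered by whatever dependency verification or internal mirror the image build relies on; nothing in this hunk shows that.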