~jan0sch/smederee
~jan0sch/smederee/upload_boms.sh
..
| 0 | #!/usr/bin/env zsh |
| 1 | # |
| 2 | # REQUIRES: script `bom_project_id_mapping.sh` |
| 3 | # - defining the function `get_project_id` |
| 4 | # - defining the variable `DEPTRACK_URL` |
| 5 | # EXAMPLE `bom_project_id_mapping.sh`: |
| 6 | # ``` |
| 7 | # DEPTRACK_KEY="XXX" |
| 8 | # DEPTRACK_URL="https://deptrack.example.com/api/v1/bom" |
| 9 | # function get_project_id() { |
| 10 | # readonly port=${1:?"The project name must be specified!"} |
| 11 | # case $1 in |
| 12 | # DARCS) |
| 13 | # PROJECT_ID="..." |
| 14 | # ;; |
| 15 | # *) |
| 16 | # echo "Unknown project name!" |
| 17 | # exit 1 |
| 18 | # ;; |
| 19 | # esac |
| 20 | # } |
| 21 | # ``` |
| 22 | |
| 23 | set -e |
| 24 | set -u |
| 25 | set -o pipefail |
| 26 | #set -x |
| 27 | |
| 28 | # Define project mapping to dependency-track. |
| 29 | PROJECT_ID="" |
| 30 | source ./bom_project_id_mapping.sh |
| 31 | |
| 32 | # Generate SBOM files via sbt-bom. |
| 33 | sbt makeBom |
| 34 | |
| 35 | # Find BOM.XML files and process them. |
| 36 | for BOM in $(find modules -name "*.bom.xml"); do |
| 37 | # Get module directory name. |
| 38 | MOD=$(echo $BOM | cut -d"/" -f2) |
| 39 | # Transform to uppercase and replace "-" with "_". |
| 40 | PROJECT="$MOD:u:gs/-/_/" |
| 41 | if [ ! -z "$PROJECT" ]; then |
| 42 | get_project_id $PROJECT |
| 43 | if [ ! -z "$PROJECT_ID" ]; then |
| 44 | echo "Uploading BOM from $PROJECT." |
| 45 | curl --silent -X "POST" "$DEPTRACK_URL" \ |
| 46 | -H 'Content-Type: multipart/form-data' \ |
| 47 | -H "X-Api-Key: $DEPTRACK_KEY" \ |
| 48 | -F "project=$PROJECT_ID" \ |
| 49 | -F "bom=@$BOM" > /dev/null |
| 50 | fi |
| 51 | else |
| 52 | echo "No project mapping for: $MOD ($PROJECT)!" |
| 53 | fi |
| 54 | done |