Metadata Directly In SBOM #4122
Conversation
github-actions
bot
added
the
documentation
|
Thank you for creating a pull request! |
|
so far... @sxa @andrew-m-leonard might be useful to go through the metadata file, see what we need and what we don't. I would appreciate pointers to where to get the keys we need that we don't have |
README.md
Outdated
| @@ -25,6 +25,8 @@ the "boot JDK" which should generally be one major version prior to the one | |||
| you are building (although one of the same major version will also work). | |||
| Note that the build variant defaults to HotSpot if omitted which builds from the same repositories as Temurin. | |||
|
|
|||
| If you're using wsl, use the `--wsl` flag (ie: `./makejdk-any-platform.sh -J /usr/lib/jvm/java-21-openjdk-amd64 --wsl --create-sbom jdk21`). | |||
There was a problem hiding this comment.
I would prefer to keep #4121 in it's own PR, so changes are indepenedent
There was a problem hiding this comment.
the idea was that hopefully #4121 would go first, and then the diff of this PR would just be the changes here (will update branch). When they go in, they would be independent changes (I'm assuming squash-and-merge policy), so can be independently reverted or cherrypicked
There was a problem hiding this comment.
Looks like the wsl one has been merged so we should be able to rebase this on top of master now too get those changes "removed" from this PR 😀
There was a problem hiding this comment.
the diff is now updated, so if it's squashed and merged only the relevant changes will be in this pr
add space to trigger build
| @@ -1121,6 +1121,11 @@ generateSBoM() { | |||
| addSBOMComponentPropertyFromFile "${javaHome}" "${classpath}" "${sbomJson}" "${componentName}" "makejdk_any_platform_args" "${BUILD_CONFIG[WORKSPACE_DIR]}/config/makejdk-any-platform.args" | |||
| # Add make_command_args JDK Component Property | |||
| addSBOMComponentPropertyFromFile "${javaHome}" "${classpath}" "${sbomJson}" "${componentName}" "make_command_args" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/makeCommandArg.txt" | |||
| # Add CONFIGURE_ARGS property | |||
| addSBOMComponentProperty "${javaHome}" "${classpath}" "${sbomJson}" "${componentName}" "Configure Args" "${CONFIGURE_ARGS}" | |||
There was a problem hiding this comment.
Although we don't strictly have a naming convention yet for the SBOM properties, i think we should follow roughly what's already there, and use a property name with lowercase , no spaces and use underscores, eg."configure_args", "configure_txt"
We already have "openjdk source" SHA: Line 1102 in d1c15a6 and "Build Config" : Line 1117 in d1c15a6 it does raise the issue of naming convention for these things.... maybe best to look at that in the "restructuring issue" |
Yeah I suggest that we don't use spaces for the new Configure Args value as part of this PR, but we should look at the others as part of any future restructure (and definitely if we end up publishing an XML one - let's get that right from the start). |
also includes changes from #4121 but this is the way @andrew-m-leonard suggested for configure args in #3917 .