Issue #9502 Configure sbom plugin to produce sbom for jetty-home and include it in the distribution (#10877)

* sbom for jetty home only * include the sbom in the distribution * included sbom cyclonedx to have same name as deployed to Maven central --------- Signed-off-by: Olivier Lamy <olamy@apache.org>
2023-11-30 22:16:39 +10:00 · 2023-11-30 22:16:39 +10:00 · 9d00a7c1b6
parent 3f2c30a48f
commit 9d00a7c1b6
3 changed files with 37 additions and 0 deletions
--- a/jetty-home/pom.xml
+++ b/jetty-home/pom.xml
@ -597,6 +597,23 @@
          </execution>
        </executions>
      </plugin>
+      <plugin>
+        <groupId>org.cyclonedx</groupId>
+        <artifactId>cyclonedx-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>cyclonedx-makeAggregateBom</id>
+            <goals>
+              <goal>makeAggregateBom</goal>
+            </goals>
+            <phase>prepare-package</phase>
+            <inherited>false</inherited>
+            <configuration>
+              <outputName>${project.artifactId}-${project.version}-cyclonedx</outputName>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
    </plugins>
  </build>
 </project>
--- a/jetty-home/src/main/assembly/jetty-assembly.xml
+++ b/jetty-home/src/main/assembly/jetty-assembly.xml
@ -35,5 +35,12 @@
      <!-- Set read-execute for shell scripts -->
      <fileMode>0555</fileMode>
    </fileSet>
+    <fileSet>
+      <directory>${project.build.directory}</directory>
+      <outputDirectory></outputDirectory>
+      <includes>
+        <include>*cyclonedx.*</include>
+      </includes>
+    </fileSet>
  </fileSets>
 </assembly>
--- a/pom.xml
+++ b/pom.xml
@ -174,6 +174,7 @@
    <compiler.source>17</compiler.source>
    <compiler.target>17</compiler.target>
    <conscrypt.version>2.5.2</conscrypt.version>
+    <cyclonedx.maven.plugin.version>2.7.10</cyclonedx.maven.plugin.version>
    <depends.maven.plugin.version>1.5.0</depends.maven.plugin.version>
    <disruptor.version>3.4.2</disruptor.version>
    <equinox-http-servlet-version>1.0.0-v20070606</equinox-http-servlet-version>
@ -1661,6 +1662,18 @@
            <processPluginDependenciesInPluginManagement>true</processPluginDependenciesInPluginManagement>
          </configuration>
        </plugin>
+        <plugin>
+          <groupId>org.cyclonedx</groupId>
+          <artifactId>cyclonedx-maven-plugin</artifactId>
+          <version>${cyclonedx.maven.plugin.version}</version>
+          <configuration>
+            <includeCompileScope>true</includeCompileScope>
+            <includeProvidedScope>true</includeProvidedScope>
+            <includeRuntimeScope>true</includeRuntimeScope>
+            <includeSystemScope>true</includeSystemScope>
+            <includeTestScope>false</includeTestScope>
+          </configuration>
+        </plugin>
        <plugin>
          <groupId>org.eclipse.jetty.toolchain</groupId>
          <artifactId>jetty-version-maven-plugin</artifactId>