FUSETOOLS2-2207: Generate sbom for vscode extensions on jenkins #1642

Merged
merged 1 commit into from
Feb 1, 2024

Conversation

hdamarcelo
Contributor

Draft for generating sbom for vscode extensions on jenkins.

Some open questions are:

  • Should we install jq and cyclonedx?
  • Should we archive/upload the generated sbom?

@apupier
Member

apupier commented Jan 26, 2024

  • Should we install jq and cyclonedx?

This could be a question for the team maintaining the Jenkins infra: https://redhat.enterprise.slack.com/archives/C018KJ6D4V9

I launched the job directly on your branch, it seems jq is already installed but not cyclonedx. https://studio-jenkins-csb-codeready.apps.ocp-c1.prod.psi.redhat.com/job/Fuse/job/VSCode/job/vscode-camel-lsp-release/1974/console

09:54:51  [Pipeline] sh
09:54:51  + jq -rcM .version
09:54:51  [Pipeline] sh
09:54:51  + cyclonedx-npm --omit dev --output-file node-sbom.json
09:54:51  /jenkins/workspace/Fuse/VSCode/vscode-camel-lsp-release@tmp/durable-b1b28383/script.sh: line 1: cyclonedx-npm: command not found

I think that for cyclonedx, we can install it ourselves in the install requirements part.

  • Should we archive/upload the generated sbom?

Archive yes.
Upload, we plan to do it but for now we do not have instructions where and how. So this will be for another pull request. See https://issues.redhat.com/browse/FUSETOOLS2-2195

@hdamarcelo hdamarcelo marked this pull request as draft January 30, 2024 15:46
@apupier
Member

apupier commented Jan 30, 2024

current error on Jenkins when using the branch from this PR https://studio-jenkins-csb-codeready.apps.ocp-c1.prod.psi.redhat.com/job/Fuse/job/VSCode/job/vscode-camel-lsp-release/1982/console :

16:38:37  + npm install --global @cyclonedx/cyclonedx-npm
16:38:42  
16:38:42  added 106 packages in 5s
16:38:42  
16:38:42  10 packages are looking for funding
16:38:42    run `npm fund` for details
16:38:42  [Pipeline] sh
16:38:43  + cyclonedx-npm --omit dev --output-file node-sbom.json
16:38:44  npm ERR! code ELSPROBLEMS
16:38:44  npm ERR! missing: @redhat-developer/vscode-redhat-telemetry@^0.7.1, required by vscode-apache-camel@0.16.0
16:38:44  npm ERR! missing: expand-home-dir@^0.0.3, required by vscode-apache-camel@0.16.0
16:38:44  npm ERR! missing: fs-extra@^11.2.0, required by vscode-apache-camel@0.16.0
16:38:44  npm ERR! missing: lodash@^4.17.21, required by vscode-apache-camel@0.16.0
16:38:44  npm ERR! missing: valid-filename@^3.1.0, required by vscode-apache-camel@0.16.0
16:38:44  npm ERR! missing: vscode-languageclient@^9.0.1, required by vscode-apache-camel@0.16.0
16:38:44  npm ERR! missing: winreg-utf8@^0.1.1, required by vscode-apache-camel@0.16.0
16:38:44  
16:38:44  npm ERR! A complete log of this run can be found in: /home/hudson/.npm/_logs/2024-01-30T16_38_43_393Z-debug-0.log
16:38:44    Command failed: npm ls --json --long --all --omit=dev
16:38:44    npm ERR! code ELSPROBLEMS
16:38:44    npm ERR! missing: @redhat-developer/vscode-redhat-telemetry@^0.7.1, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: expand-home-dir@^0.0.3, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: fs-extra@^11.2.0, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: lodash@^4.17.21, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: valid-filename@^3.1.0, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: vscode-languageclient@^9.0.1, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: winreg-utf8@^0.1.1, required by vscode-apache-camel@0.16.0
16:38:44    
16:38:44    npm ERR! A complete log of this run can be found in: /home/hudson/.npm/_logs/2024-01-30T16_38_43_393Z-debug-0.log
16:38:44    
16:38:44    npm ERR! code ELSPROBLEMS
16:38:44    npm ERR! missing: @redhat-developer/vscode-redhat-telemetry@^0.7.1, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: expand-home-dir@^0.0.3, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: fs-extra@^11.2.0, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: lodash@^4.17.21, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: valid-filename@^3.1.0, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: vscode-languageclient@^9.0.1, required by vscode-apache-camel@0.16.0
16:38:44    npm ERR! missing: winreg-utf8@^0.1.1, required by vscode-apache-camel@0.16.0
16:38:44    
16:38:44    npm ERR! A complete log of this run can be found in: /home/hudson/.npm/_logs/2024-01-30T16_38_43_393Z-debug-0.log
16:38:44    
16:38:44  
16:38:44  Error: npm-ls exited with errors: 1 noSignal

@hdamarcelo hdamarcelo force-pushed the fusetools2-2207 branch 2 times, most recently from a84d278 to b348467 Compare January 30, 2024 18:13
@apupier
Member

apupier commented Jan 31, 2024

error with latest version https://studio-jenkins-csb-codeready.apps.ocp-c1.prod.psi.redhat.com/job/Fuse/job/VSCode/job/vscode-camel-lsp-release/1983/console :

09:14:45  + cyclonedx-npm --omit dev --output-file node-sbom.json
09:14:46  [Pipeline] sh
09:14:46  + ./cyclonedx-linux-x64 merge --hierarchical --group com.github.camel-tooling --name vscode-apache-camel --version 0.16.0
09:14:46  Unable to auto-detect output format

I think the package version retrieved contains a return to line character
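
The failure mode suggested in the comment above, a captured version string that still carries a newline when it is interpolated into a shell step, can be reproduced offline. This is an added example, not code from this PR or the project: `fake_merge`, `run_interpolated`, `clean_version` and the `bom.json` file name are hypothetical, and `fake_merge` only stands in for `./cyclonedx-linux-x64 merge`.

```shell
#!/bin/sh
# Constructed reproduction; no real cyclonedx binary is invoked.

# Hypothetical stand-in for `./cyclonedx-linux-x64 merge`: it only reports
# how many arguments actually reached it.
STUB='fake_merge() { echo "argc=$#"; }'

# Interpolate a captured value into script text, as a pipeline step does,
# then run that text as its own shell script and return its first output line.
run_interpolated() {
    script="fake_merge --name vscode-apache-camel --version $1 --output-file bom.json"
    sh -c "${STUB}
${script}" 2>/dev/null | head -n 1
}

# Drop CR/LF, then accept only a plain version token (digits, letters, . + -).
# Anything else is rejected instead of being passed on to a command line.
clean_version() {
    v=$(printf '%s' "$1" | tr -d '\r\n')
    case $v in
        '' | *[!0-9A-Za-z.+-]*) return 1 ;;
    esac
    printf '%s\n' "$v"
}

# Constructed sample: the version followed by a newline.
nl='
'
raw="0.16.0${nl}"

# With the raw value the command line ends at the newline, so the output-file
# argument never reaches the tool; with the cleaned value all arguments arrive.
echo "raw:     $(run_interpolated "$raw")"
echo "cleaned: $(run_interpolated "$(clean_version "$raw")")"
```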

@hdamarcelo hdamarcelo force-pushed the fusetools2-2207 branch 2 times, most recently from 1feb202 to a2faa30 Compare February 1, 2024 03:29
- Add step to generate sbom using cyclonedx and cyclonedx-npm
- Add cyclonedx to the install requirements step

sonarqubecloud bot commented Feb 1, 2024

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@apupier
Member

apupier commented Feb 1, 2024

success on Jenkins with latest version of the branch https://studio-jenkins-csb-codeready.apps.ocp-c1.prod.psi.redhat.com/job/Fuse/job/VSCode/job/vscode-camel-lsp-release/1991/

@hdamarcelo hdamarcelo marked this pull request as ready for review February 1, 2024 14:09
@hdamarcelo hdamarcelo merged commit 38b0bc3 into camel-tooling:main Feb 1, 2024
15 checks passed