feat: add CycloneDX support and update release process for BOM generation

TheMeinerLP · TheMeinerLP · commit ec4d7e77182c · 2025-11-05T13:39:53.000+01:00
diff --git a/.github/workflows/sematic-releases.yml b/.github/workflows/sematic-releases.yml
@@ -51,3 +51,16 @@ jobs:
           # Token with permissions to push to the client repository
           CLIENT_REPO_TOKEN: ${{ secrets.CLIENT_REPO_TOKEN }}
         run: npx semantic-release
+      - name: Get Version
+        id: get_version
+        run: echo "VERSION=$(cat VERSION.txt)" >> $GITHUB_ENV
+      - name: Upload BOM to Dependency-Track
+        uses: DependencyTrack/gh-upload-sbom@v3
+        with:
+          serverhostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+          apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+          projectname: 'AntiRedstoneClock-Remastered'
+          projectversion: ${{ env.VERSION }}
+          projecttags: 'bukkit,paper,plugin'
+          bomfilename: "build/reports/cyclonedx/bom.xml"
+          autocreate: true
diff --git a/.releaserc.json b/.releaserc.json
@@ -10,7 +10,7 @@
       "@semantic-release/exec",
       {
         "verifyConditionsCmd": "./gradlew check",
-        "publishCmd": "./gradlew -Pversion=${nextRelease.version} shadowJar publishAllPublicationsToHangar modrinth"
+        "publishCmd": "./gradlew -Pversion=${nextRelease.version} shadowJar publishAllPublicationsToHangar modrinth cyclonedxBom && echo '${nextRelease.version}' > VERSION.txt"
       }
     ],
     [
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -11,6 +11,7 @@ plugins {
     alias(libs.plugins.paper.yml)
     alias(libs.plugins.hangar)
     alias(libs.plugins.modrinth)
+    alias(libs.plugins.cyclonedx)
     jacoco
 }
 
diff --git a/settings.gradle.kts b/settings.gradle.kts
@@ -21,6 +21,7 @@ dependencyResolutionManagement {
             version("paper.yml", "0.6.0")
             version("paper.run", "3.0.2")
             version("shadowJar", "9.2.2")
+            version("cyclonedx", "3.0.1")
 
             version("paper", "1.21.8-R0.1-SNAPSHOT")
             version("bstats", "3.1.0")
@@ -93,6 +94,7 @@ dependencyResolutionManagement {
             plugin("paper.yml", "net.minecrell.plugin-yml.paper").versionRef("paper.yml")
             plugin("paper.run", "xyz.jpenilla.run-paper").versionRef("paper.run")
             plugin("shadowJar", "com.gradleup.shadow").versionRef("shadowJar")
+            plugin("cyclonedx", "org.cyclonedx.bom").versionRef("cyclonedx")
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`"@semantic-release/exec",`
`11`	`11`	`{`
`12`	`12`	`"verifyConditionsCmd": "./gradlew check",`
`13`		`- "publishCmd": "./gradlew -Pversion=${nextRelease.version} shadowJar publishAllPublicationsToHangar modrinth"`
	`13`	`+ "publishCmd": "./gradlew -Pversion=${nextRelease.version} shadowJar publishAllPublicationsToHangar modrinth cyclonedxBom && echo '${nextRelease.version}' > VERSION.txt"`
`14`	`14`	`}`
`15`	`15`	`],`
`16`	`16`	`[`
Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@ plugins {`
`11`	`11`	`alias(libs.plugins.paper.yml)`
`12`	`12`	`alias(libs.plugins.hangar)`
`13`	`13`	`alias(libs.plugins.modrinth)`
	`14`	`+ alias(libs.plugins.cyclonedx)`
`14`	`15`	`jacoco`
`15`	`16`	`}`
`16`	`17`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ dependencyResolutionManagement {`
`21`	`21`	`version("paper.yml", "0.6.0")`
`22`	`22`	`version("paper.run", "3.0.2")`
`23`	`23`	`version("shadowJar", "9.2.2")`
	`24`	`+ version("cyclonedx", "3.0.1")`
`24`	`25`
`25`	`26`	`version("paper", "1.21.8-R0.1-SNAPSHOT")`
`26`	`27`	`version("bstats", "3.1.0")`
`@@ -93,6 +94,7 @@ dependencyResolutionManagement {`
`93`	`94`	`plugin("paper.yml", "net.minecrell.plugin-yml.paper").versionRef("paper.yml")`
`94`	`95`	`plugin("paper.run", "xyz.jpenilla.run-paper").versionRef("paper.run")`
`95`	`96`	`plugin("shadowJar", "com.gradleup.shadow").versionRef("shadowJar")`
	`97`	`+ plugin("cyclonedx", "org.cyclonedx.bom").versionRef("cyclonedx")`
`96`	`98`	`}`
`97`	`99`	`}`
`98`	`100`	`}`