|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +set -euo pipefail |
| 4 | + |
| 5 | +function usage() { |
| 6 | + echo "Usage: ${0} [FLAGS] [VERSION]" >&2 |
| 7 | + echo "Example: ${0} --require-evaluation 1.2.3" >&2 |
| 8 | + echo "If omitted, VERSION defaults to 'latest'" >&2 |
| 9 | + exit 1 |
| 10 | +} |
| 11 | + |
| 12 | +full_version_raw="" |
| 13 | +forward_args=() |
| 14 | + |
| 15 | +# Parse flags to forward to the image and optional VERSION |
| 16 | +while [[ ${#} -gt 0 ]]; do |
| 17 | + case "${1}" in |
| 18 | + -h | --help) |
| 19 | + usage |
| 20 | + ;; |
| 21 | + -*) |
| 22 | + forward_args+=("${1}") |
| 23 | + shift |
| 24 | + ;; |
| 25 | + *) |
| 26 | + if [[ -n "${full_version_raw}" ]]; then |
| 27 | + echo "Too many positional arguments." >&2 |
| 28 | + usage |
| 29 | + fi |
| 30 | + full_version_raw="${1}" |
| 31 | + shift |
| 32 | + ;; |
| 33 | + esac |
| 34 | +done |
| 35 | + |
| 36 | +# Default to 'latest' if VERSION not provided |
| 37 | +full_version_raw="${full_version_raw:-latest}" |
| 38 | + |
| 39 | +# Accept X.Y.Z (preferred) or vX.Y.Z (tolerated), or 'latest' |
| 40 | +full_version="${full_version_raw#v}" |
| 41 | + |
| 42 | +# Compute version flag for sbom-generator |
| 43 | +if [[ "${full_version}" == "latest" ]]; then |
| 44 | + version_arg="latest" |
| 45 | +else |
| 46 | + version_arg="v${full_version}" |
| 47 | +fi |
| 48 | + |
| 49 | +# Resolve repository root relative to this script |
| 50 | +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd -P)" |
| 51 | + |
| 52 | +# Paths relative to repository root (use absolute for reliability) |
| 53 | +SBOM_OUTPUT="${REPO_ROOT}/sbom/sbom.cdx.json" |
| 54 | +CONFIG="${REPO_ROOT}/sbom/sbom.config.yaml" |
| 55 | + |
| 56 | +# Use container wrapper for consistent docker/podman behavior |
| 57 | +WRAPPER="${REPO_ROOT}/scripts/run-from-container.sh" |
| 58 | +IMAGE="ghcr.io/elastisys/sbom-generator:0.3" |
| 59 | + |
| 60 | +if [[ ! -x "${WRAPPER}" ]]; then |
| 61 | + echo "Missing or non-executable ${WRAPPER}." >&2 |
| 62 | + exit 1 |
| 63 | +fi |
| 64 | +# Ensure a writable cache directory inside the repo |
| 65 | +XDG_CACHE_HOME="${REPO_ROOT}/.cache" |
| 66 | +mkdir -p "${XDG_CACHE_HOME}" |
| 67 | +# Ensure output directory exists |
| 68 | +mkdir -p "$(dirname "${SBOM_OUTPUT}")" |
| 69 | + |
| 70 | +echo "Generating SBOM to ${SBOM_OUTPUT} ..." |
| 71 | +# Forward optional GitHub token to avoid rate limits |
| 72 | +extra_env=() |
| 73 | +if [[ -n "${CK8S_GITHUB_TOKEN:-}" ]]; then |
| 74 | + extra_env+=(--env "GITHUB_TOKEN=${CK8S_GITHUB_TOKEN}") |
| 75 | +elif [[ -n "${GITHUB_TOKEN:-}" ]]; then |
| 76 | + extra_env+=(--env GITHUB_TOKEN) |
| 77 | +fi |
| 78 | +"${WRAPPER}" --env XDG_CACHE_HOME="${XDG_CACHE_HOME}" "${extra_env[@]}" \ |
| 79 | + "${IMAGE}" "${forward_args[@]}" generate \ |
| 80 | + --config "${CONFIG}" \ |
| 81 | + --output-path "${SBOM_OUTPUT}" \ |
| 82 | + --version "${version_arg}" \ |
| 83 | + --force |
| 84 | + |
| 85 | +echo "Validating SBOM ${SBOM_OUTPUT} ..." |
| 86 | +"${WRAPPER}" --env XDG_CACHE_HOME="${XDG_CACHE_HOME}" "${extra_env[@]}" \ |
| 87 | + "${IMAGE}" "${forward_args[@]}" validate "${SBOM_OUTPUT}" --config "${CONFIG}" |
| 88 | + |
| 89 | +# Ensure file ends with a single newline to satisfy linters |
| 90 | +if [[ -s "${SBOM_OUTPUT}" ]]; then |
| 91 | + # Append a newline only if the last byte is not a newline |
| 92 | + if [[ $(tail -c1 "${SBOM_OUTPUT}" | wc -l) -eq 0 ]]; then |
| 93 | + printf '\n' >>"${SBOM_OUTPUT}" |
| 94 | + fi |
| 95 | +fi |
| 96 | + |
| 97 | +echo "SBOM generated and validated: ${SBOM_OUTPUT}" |
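Review bot: In the `CK8S_GITHUB_TOKEN` branch (file line 74) the token value itself is placed on the command line as `--env "GITHUB_TOKEN=${CK8S_GITHUB_TOKEN}"`, where it is readable in the process list and in any `set -x` trace while the wrapper (and, presumably, the docker/podman call behind it) runs. The `GITHUB_TOKEN` branch two lines below already uses the name-only form, so the same can be done here with `export GITHUB_TOKEN="${CK8S_GITHUB_TOKEN}"` followed by `extra_env+=(--env GITHUB_TOKEN)`. Because that token is handed to `ghcr.io/elastisys/sbom-generator:0.3`, pinning the image by digest (`ghcr.io/elastisys/sbom-generator:0.3@sha256:<digest>`) would keep a re-pushed tag from changing which code receives it. Separately, `"${extra_env[@]}"` and `"${forward_args[@]}"` abort under `set -u` on bash older than 4.4 when the arrays are empty; `"${extra_env[@]+"${extra_env[@]}"}"` avoids that.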