
Commit de0ffcd

committed
Revert "chore(ci): create separate SBOM for node-runtime-worker-thread MONGOSH-1856"
This reverts commit 1ebd528.
1 parent 1ebd528 commit de0ffcd


10 files changed

+49
-127
lines changed


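--- a/.evergreen.yml
+++ b/.evergreen.yml
@@ -3687,7 +3687,7 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/mongosh/sbom.json
+local_file: src/dist/.sbom.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-sbom.json
 bucket: mciuploads
 permissions: public-read
@@ -3696,29 +3696,11 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/mongosh/purls.txt
+local_file: src/dist/.purls.txt
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-purls.txt
 bucket: mciuploads
 permissions: public-read
 content_type: text/plain
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/node-runtime-worker-thread/sbom.json
-remote_file: mongosh/binaries/${revision}/${revision_order_id}/node-runtime-worker-thread-${executable_os_id}${extra_upload_tag}-sbom.json
-bucket: mciuploads
-permissions: public-read
-content_type: application/json
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/node-runtime-worker-thread/purls.txt
-remote_file: mongosh/binaries/${revision}/${revision_order_id}/node-runtime-worker-thread-${executable_os_id}${extra_upload_tag}-purls.txt
-bucket: mciuploads
-permissions: public-read
-content_type: text/plain
 upload_compiled_artifact:
 - command: shell.exec
 params:
@@ -3749,20 +3731,11 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/first-party-deps.json
+local_file: src/.sbom/first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-first-party-deps.json
 bucket: mciuploads
 permissions: public-read
 content_type: application/json
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: src/.sbom/node-runtime-worker-thread/first-party-deps.json
-remote_file: mongosh/binaries/${revision}/${revision_order_id}/node-runtime-worker-thread-${executable_os_id}${extra_upload_tag}-first-party-deps.json
-bucket: mciuploads
-permissions: public-read
-content_type: application/json
 download_compiled_artifact:
 - command: s3.get
 type: setup
@@ -3856,77 +3829,77 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-darwin-x64-first-party-deps.json
+local_file: src/.sbom/mongosh-darwin-x64-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-darwin-x64-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-darwin-arm64-first-party-deps.json
+local_file: src/.sbom/mongosh-darwin-arm64-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-darwin-arm64-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-x64-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-x64-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-x64-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-x64-openssl11-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-x64-openssl11-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-x64-openssl11-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-x64-openssl3-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-x64-openssl3-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-x64-openssl3-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-arm64-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-arm64-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-arm64-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-arm64-openssl11-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-arm64-openssl11-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-arm64-openssl11-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-arm64-openssl3-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-arm64-openssl3-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-arm64-openssl3-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-ppc64le-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-ppc64le-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-ppc64le-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-linux-s390x-first-party-deps.json
+local_file: src/.sbom/mongosh-linux-s390x-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-linux-s390x-first-party-deps.json
 bucket: mciuploads
 - command: s3.get
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/mongosh-win32-first-party-deps.json
+local_file: src/.sbom/mongosh-win32-first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-win32-first-party-deps.json
 bucket: mciuploads
 - command: shell.exec
@@ -3940,7 +3913,7 @@ functions:
 .evergreen/create-static-analysis-report.sh
 env:
 NODE_JS_VERSION: ${node_js_version}
-FIRST_PARTY_DEPENDENCY_FILENAMES: .sbom/mongosh/mongosh-darwin-x64-first-party-deps.json,.sbom/mongosh/mongosh-darwin-arm64-first-party-deps.json,.sbom/mongosh/mongosh-linux-x64-first-party-deps.json,.sbom/mongosh/mongosh-linux-x64-openssl11-first-party-deps.json,.sbom/mongosh/mongosh-linux-x64-openssl3-first-party-deps.json,.sbom/mongosh/mongosh-linux-arm64-first-party-deps.json,.sbom/mongosh/mongosh-linux-arm64-openssl11-first-party-deps.json,.sbom/mongosh/mongosh-linux-arm64-openssl3-first-party-deps.json,.sbom/mongosh/mongosh-linux-ppc64le-first-party-deps.json,.sbom/mongosh/mongosh-linux-s390x-first-party-deps.json,.sbom/mongosh/mongosh-win32-first-party-deps.json
+FIRST_PARTY_DEPENDENCY_FILENAMES: .sbom/mongosh-darwin-x64-first-party-deps.json,.sbom/mongosh-darwin-arm64-first-party-deps.json,.sbom/mongosh-linux-x64-first-party-deps.json,.sbom/mongosh-linux-x64-openssl11-first-party-deps.json,.sbom/mongosh-linux-x64-openssl3-first-party-deps.json,.sbom/mongosh-linux-arm64-first-party-deps.json,.sbom/mongosh-linux-arm64-openssl11-first-party-deps.json,.sbom/mongosh-linux-arm64-openssl3-first-party-deps.json,.sbom/mongosh-linux-ppc64le-first-party-deps.json,.sbom/mongosh-linux-s390x-first-party-deps.json,.sbom/mongosh-win32-first-party-deps.json
 GITHUB_TOKEN: ${github_token}
 GITHUB_PR_NUMBER: ${github_pr_number}
 - command: s3.put
@@ -4235,7 +4208,7 @@ functions:
 bucket: mciuploads
 permissions: private
 visibility: signed
-local_file: src/.sbom/mongosh/dependencies.json
+local_file: src/.sbom/dependencies.json
 remote_file: ${project}/${revision}_${revision_order_id}/dependencies.json
 content_type: application/json
 optional: true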

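--- a/.evergreen/compile-artifact.sh
+++ b/.evergreen/compile-artifact.sh
@@ -96,10 +96,10 @@ if uname -a | grep -q 'Linux.*x86_64'; then
 test $(objdump -d dist/mongosh | grep '\bvmovd\b' | wc -l) -lt 1250
 fi
 
-npm run create-dependency-sbom-lists
+npm run write-node-js-dep
+npm run create-purls-file
+cp .sbom/purls.txt dist/.purls.txt
+
+cat dist/.purls.txt
 
-ls -lhA .sbom
-for dir in .sbom/*/; do
-cp ${dir}purls.txt dist/${dir}purls.txt
-cat dist/${dir}purls.txt
-done
+npm run create-dependency-sbom-lists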
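Review bot: `cp .sbom/purls.txt dist/.purls.txt` (new line 101) copies the file without checking that it has any content. `create-purls-file` in package.json writes through a shell redirect, so `.sbom/purls.txt` is created even when `scripts/create-purls.js` fails or prints nothing, and whether the script stops on the failed `npm run` depends on a `set -e` that is not visible in this hunk. Because this list is the input for the SBOM generated and uploaded later, add `test -s .sbom/purls.txt` before the `cp`, in the same style as the `test … -lt 1250` check above; the `cat` on line 103 only prints the file. The trailing `npm run create-dependency-sbom-lists` also repeats `write-node-js-dep` and `create-purls-file` per package.json in this commit, so the two standalone calls look redundant unless the early copy is intentional.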

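--- a/.evergreen/download-crypt-shared-and-generate-sbom.sh
+++ b/.evergreen/download-crypt-shared-and-generate-sbom.sh
@@ -4,6 +4,11 @@ set -x
 
 npm run evergreen-release download-crypt-shared-library
 
+ls -lhA dist
+echo "pkg:generic/mongo_crypt_shared@$(cat dist/.mongosh_crypt_*.version)" >> dist/.purls.txt
+
+cat dist/.purls.txt
+
 set +x
 echo "${ARTIFACTORY_PASSWORD}" | docker login artifactory.corp.mongodb.com --username "${ARTIFACTORY_USERNAME}" --password-stdin
 set -x
@@ -13,19 +18,8 @@ trap_handler() {
 }
 trap trap_handler ERR EXIT
 
-ls -lhA dist/.sbom
-
-for dir in dist/.sbom/*/; do
-purls_file="${dir}purls.txt"
-if [ -f "$purls_file" ]; then
-echo "pkg:generic/mongo_crypt_shared@$(cat dist/.mongosh_crypt_*.version)" >>"$purls_file"
-fi
-
-cat ${purls_file}
-
-docker pull artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0
-docker run --rm -v ${PWD}:/pwd artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0 update \
---purls /pwd/${purls_file} --sbom-out /pwd/${dir}sbom-lite.json
-docker run --env-file /tmp/kondukto_credentials.env --rm -v ${PWD}:/pwd artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0 augment \
---repo mongodb-js/mongosh --branch ${KONDUKTO_BRANCH} --sbom-in /pwd/${dir}sbom-lite.json --sbom-out /pwd/${dir}sbom.json
-done
+docker pull artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0
+docker run --rm -v ${PWD}:/pwd artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0 update \
+--purls /pwd/dist/.purls.txt --sbom-out /pwd/dist/.sbom-lite.json
+docker run --env-file /tmp/kondukto_credentials.env --rm -v ${PWD}:/pwd artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0 augment \
+--repo mongodb-js/mongosh --branch ${KONDUKTO_BRANCH} --sbom-in /pwd/dist/.sbom-lite.json --sbom-out /pwd/dist/.sbom.json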
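Review bot: The purl appended on new line 8 takes its version from `$(cat dist/.mongosh_crypt_*.version)` with no check that the glob matched exactly one non-empty file. A failing `cat` inside the command substitution does not fail the `echo`, so `pkg:generic/mongo_crypt_shared@` with an empty version would be appended to `dist/.purls.txt` and passed to `silkbomb update`. Read the value first and check it, e.g. `crypt_version="$(cat dist/.mongosh_crypt_*.version)"` and `test -n "$crypt_version"`, then echo the purl from the variable. Separately, the `augment` step on line 24 runs with `/tmp/kondukto_credentials.env` and a read-write mount of `${PWD}` from an image referenced by the mutable tag `silkbomb:2.0`; pinning it by digest (`silkbomb@sha256:<digest>`) and quoting `"${PWD}"` and `"${KONDUKTO_BRANCH}"` would make that step reproducible.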

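--- a/.evergreen/evergreen.yml.in
+++ b/.evergreen/evergreen.yml.in
@@ -396,7 +396,7 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/mongosh/sbom.json
+local_file: src/dist/.sbom.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-sbom.json
 bucket: mciuploads
 permissions: public-read
@@ -405,29 +405,11 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/mongosh/purls.txt
+local_file: src/dist/.purls.txt
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-purls.txt
 bucket: mciuploads
 permissions: public-read
 content_type: text/plain
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/node-runtime-worker-thread/sbom.json
-remote_file: mongosh/binaries/${revision}/${revision_order_id}/node-runtime-worker-thread-${executable_os_id}${extra_upload_tag}-sbom.json
-bucket: mciuploads
-permissions: public-read
-content_type: application/json
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: src/dist/.sbom/node-runtime-worker-thread/purls.txt
-remote_file: mongosh/binaries/${revision}/${revision_order_id}/node-runtime-worker-thread-${executable_os_id}${extra_upload_tag}-purls.txt
-bucket: mciuploads
-permissions: public-read
-content_type: text/plain
 upload_compiled_artifact:
 - command: shell.exec
 params:
@@ -458,20 +440,11 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/first-party-deps.json
+local_file: src/.sbom/first-party-deps.json
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/mongosh-${executable_os_id}${extra_upload_tag}-first-party-deps.json
 bucket: mciuploads
 permissions: public-read
 content_type: application/json
-- command: s3.put
-params:
-aws_key: ${aws_key}
-aws_secret: ${aws_secret}
-local_file: src/.sbom/node-runtime-worker-thread/first-party-deps.json
-remote_file: mongosh/binaries/${revision}/${revision_order_id}/node-runtime-worker-thread-${executable_os_id}${extra_upload_tag}-first-party-deps.json
-bucket: mciuploads
-permissions: public-read
-content_type: application/json
 download_compiled_artifact:
 - command: s3.get
 type: setup
@@ -570,7 +543,7 @@ functions:
 params:
 aws_key: ${aws_key}
 aws_secret: ${aws_secret}
-local_file: src/.sbom/mongosh/<% out(filename) %>
+local_file: src/.sbom/<% out(filename) %>
 remote_file: mongosh/binaries/${revision}/${revision_order_id}/<% out(filename) %>
 bucket: mciuploads
 <% } %>
@@ -585,7 +558,7 @@ functions:
 .evergreen/create-static-analysis-report.sh
 env:
 NODE_JS_VERSION: ${node_js_version}
-FIRST_PARTY_DEPENDENCY_FILENAMES: <% out(firstPartyDepsFilenames.map(f => `.sbom/mongosh/${f}`).join(',')) %>
+FIRST_PARTY_DEPENDENCY_FILENAMES: <% out(firstPartyDepsFilenames.map(f => `.sbom/${f}`).join(',')) %>
 GITHUB_TOKEN: ${github_token}
 GITHUB_PR_NUMBER: ${github_pr_number}
 - command: s3.put
@@ -880,7 +853,7 @@ functions:
 bucket: mciuploads
 permissions: private
 visibility: signed
-local_file: src/.sbom/mongosh/dependencies.json
+local_file: src/.sbom/dependencies.json
 remote_file: ${project}/${revision}_${revision_order_id}/dependencies.json
 content_type: application/json
 optional: true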

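--- a/config/build.conf.js
+++ b/config/build.conf.js
@@ -154,7 +154,7 @@ module.exports = {
 packagedFilePath: 'THIRD_PARTY_NOTICES'
 },
 {
-sourceFilePath: path.resolve(path.dirname(EXECUTABLE_PATH), '.sbom/mongosh/sbom.json'),
+sourceFilePath: path.resolve(path.dirname(EXECUTABLE_PATH), '.sbom.json'),
 packagedFilePath: '.sbom.json'
 },
 ],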

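--- a/package.json
+++ b/package.json
@@ -49,20 +49,22 @@
 "check-coverage": "nyc check-coverage --lines=90",
 "generate-error-overview": "npm run generate-error-overview --workspace @mongosh/errors",
 "update-authors": "ts-node -P configs/tsconfig-mongosh/tsconfig.common.json scripts/generate-authors.ts",
-"write-node-js-dep": "mkdir -p .sbom && node scripts/write-nodejs-dep > .sbom/node-js-dep.json",
-"create-dependency-sbom-lists": "npm run write-node-js-dep && npm run create-dependency-sbom-lists --workspaces --if-present",
+"create-dependency-sbom-lists": "npm run webpack-build -w packages/cli-repl && npm run write-node-js-dep && npm run create-purls-file && npm run create-first-party-dependency-lists",
+"create-first-party-dependency-lists": "mongodb-sbom-tools fetch-codeql-results --first-party-deps-list-dest=.sbom/first-party-deps.json --dependencies=.sbom/dependencies.json --exclude-repos=mongodb-js/kerberos,mongodb-client-encryption",
+"create-purls-file": "node scripts/create-purls.js .sbom/dependencies.json .sbom/node-js-dep.json > .sbom/purls.txt",
 "preupdate-third-party-notices": "npm run create-dependency-sbom-lists",
-"update-third-party-notices": "mongodb-sbom-tools generate-3rd-party-notices --product='mongosh' --dependencies=.sbom/mongosh/dependencies.json > THIRD_PARTY_NOTICES.md",
+"update-third-party-notices": "mongodb-sbom-tools generate-3rd-party-notices --product='mongosh' --dependencies=.sbom/dependencies.json > THIRD_PARTY_NOTICES.md",
 "update-node-js-versions": "npx @pkgjs/nv ls v20 > .evergreen/node-20-latest.json",
 "update-evergreen-config": "npm run test-evergreen-expansions && node .evergreen/generate-evergreen-yml.js .evergreen/evergreen.yml.in > .evergreen.yml",
 "update-cli-usage-text": "node scripts/update-cli-usage-text.js",
 "update-security-test-summary": "ts-node scripts/generate-security-test-summary.ts > docs/security-test-summary.md",
 "mark-ci-required-optional-dependencies": "ts-node scripts/mark-ci-required-optional-dependencies.ts",
+"write-node-js-dep": "node scripts/write-nodejs-dep > .sbom/node-js-dep.json",
 "scan-node-js": "mongodb-sbom-tools scan-node-js --version=$NODE_JS_VERSION > .sbom/node-js-vuln.json",
 "snyk-test": "node scripts/snyk-test.js",
 "pregenerate-vulnerability-report": "npm run create-dependency-sbom-lists && npm run snyk-test && npm run scan-node-js",
-"generate-vulnerability-report": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/mongosh/dependencies.json,.sbom/node-js-dep.json --fail-on=high > .sbom/vulnerability-report.md",
-"create-vulnerability-tickets": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/mongosh/dependencies.json,.sbom/node-js-dep.json --create-jira-issues",
+"generate-vulnerability-report": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --fail-on=high > .sbom/vulnerability-report.md",
+"create-vulnerability-tickets": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --create-jira-issues",
 "create-static-analysis-report": "mongodb-sbom-tools fetch-codeql-results --sarif-dest=.sbom/codeql.sarif.json",
 "postcreate-static-analysis-report": "mongodb-sbom-tools sarif-to-markdown --sarif=.sbom/codeql.sarif.json --md=.sbom/codeql.md",
 "where": "monorepo-where",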
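Review bot: `write-node-js-dep` (new line 62) and `create-purls-file` (new line 54) redirect into `.sbom/` without creating it, and the `mkdir -p .sbom &&` prefix that `write-node-js-dep` had is dropped by this revert. `.evergreen/compile-artifact.sh` in this commit calls `npm run write-node-js-dep` on its own, so the redirect fails with a missing-directory error unless an earlier step has already created `.sbom`; that step is not visible here. Keeping the prefix, `"write-node-js-dep": "mkdir -p .sbom && node scripts/write-nodejs-dep > .sbom/node-js-dep.json"`, makes the script safe to run standalone.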
