Collaborator

@oarbusi oarbusi commented Jun 13, 2025

Proposed changes

Generates SSDLC report and SBOM for released resources.

Tested the changes, see the action run and the generated commit

Link to any related issue(s): CLOUDP-324019

Type of change:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as
    expected)
  • This change requires a documentation update
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Manual QA performed:

  • cfn invoke for each of CRUDL/cfn test
  • Updated resource in example
  • Published to AWS private registry
  • Used the template in example to create and update a stack in AWS
  • Deleted stack to ensure resources are deleted
  • Created multiple resources in same stack
  • Validated in Atlas UI
  • Included screenshots

Required Checklist:

  • I have signed the MongoDB CLA
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • For CFN Resources: I have released my changes in the private registry and proved my change
    works in Atlas

Further comments

echo "${publish_output}"

# Extract and store the published version from PublicTypeArn
published_version=$(echo "${publish_output}" | jq -r '.PublicTypeArn' | awk -F'/' '{print $NF}')
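
Review bot: The `published_version` assignment has no check that `.PublicTypeArn` was actually present. `jq -r` prints the literal `null` for a missing key, and since the pipeline's exit status is that of `awk`, a `jq` failure on malformed `publish_output` goes unnoticed unless `pipefail` is set. Consider `jq -er '.PublicTypeArn'` together with `set -o pipefail`, or an explicit test that the result is non-empty and not `null`, so a failed publish stops the script here instead of yielding a bogus version.
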
Collaborator Author

see docs to understand why this is done


# Extract and store the published version from PublicTypeArn
published_version=$(echo "${publish_output}" | jq -r '.PublicTypeArn' | awk -F'/' '{print $NF}')
echo "$published_version" >published_version.txt
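
Review bot: The redirect on the last line, `>published_version.txt`, writes to a path relative to the current working directory and runs whether or not `published_version` holds a usable value. Whatever reads the file has to run from the same directory, and an empty value would be saved as if it were a version. Consider writing to an explicit path and checking that `published_version` is non-empty before the redirect.
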
Collaborator Author

We need to store it into a file so that it can be accessed in the next steps of the GitHub action above to store it as a GITHUB_OUTPUT to be used in the next job.

@oarbusi oarbusi marked this pull request as ready for review June 13, 2025 10:37
@oarbusi oarbusi requested a review from a team as a code owner June 13, 2025 10:37
Contributor

@EspenAlbert EspenAlbert left a comment

Nice reuse from TF. Wish there was a way to re-use the *.sh too, but I see some paths are different, therefore, maybe not worth it?

Collaborator Author

oarbusi commented Jun 13, 2025

Nice reuse from TF. Wish there was a way to re-use the *.sh too, but I see some paths are different, therefore, maybe not worth it?

@EspenAlbert I don't think it is worth it. Also, it should be possible to generate purls, SBOM and SSDLC report locally in the repo, so I think we should have the scripts here in case we need to manually generate those outside the CI.

@oarbusi oarbusi added this pull request to the merge queue Jun 16, 2025
Merged via the queue into master with commit 24a0796 Jun 16, 2025
36 checks passed
@oarbusi oarbusi deleted the CLOUDP-324019-sbom branch June 16, 2025 09:46