Dependency track for V13 pipeline (#20702)

lauraneto · web-flow · commit f7b874d3ef84 · 2025-10-31T16:03:14.000+01:00
* Dependency track for V13 pipeline

* Rename bom-backend to bom-build
diff --git a/build/azure-pipelines.yml b/build/azure-pipelines.yml
@@ -25,6 +25,10 @@ parameters:
     displayName: Upload API docs
     type: boolean
     default: false
+  - name: uploadDependencyTrack
+    displayName: Upload BOMs to Dependency Track
+    type: boolean
+    default: false
   - name: forceReleaseTestFilter
     displayName: Force to use the release test filters
     type: boolean
@@ -93,6 +97,11 @@ stages:
           - script: npm ci --no-fund --no-audit --prefer-offline
             workingDirectory:  src/Umbraco.Web.UI.Client
             displayName: Run npm ci (Backoffice)
+          - powershell: |
+              npm install --global @cyclonedx/cyclonedx-npm
+              cyclonedx-npm -o $(Build.ArtifactStagingDirectory)\bom\bom-backoffice.xml --ignore-npm-errors --verbose
+            displayName: Generate Backoffice UI BOM
+            workingDirectory: src/Umbraco.Web.UI.Client
           - task: gulp@0
             displayName: Run gulp build (Backoffice)
             inputs:
@@ -106,6 +115,10 @@ stages:
               workingDir: src/Umbraco.Web.UI.Login
               verbose: false
               customCommand: ci
+          - powershell: |
+              cyclonedx-npm -o $(Build.ArtifactStagingDirectory)\bom\bom-login.xml --ignore-npm-errors --verbose
+            displayName: Generate Login UI BOM
+            workingDirectory: src/Umbraco.Web.UI.Login
           - task: npm@1
             displayName: Run npm build (Login)
             inputs:
@@ -129,6 +142,10 @@ stages:
               command: build
               projects: $(solution)
               arguments: '--configuration $(buildConfiguration) --no-restore --property:ContinuousIntegrationBuild=true --property:GeneratePackageOnBuild=true --property:PackageOutputPath=$(Build.ArtifactStagingDirectory)/nupkg'
+          - powershell: |
+              dotnet tool install --global CycloneDX
+              dotnet-CycloneDX $(solution) --output $(Build.ArtifactStagingDirectory)/bom --filename bom-dotnet.xml
+            displayName: 'Generate Backend BOM'
           - task: PublishPipelineArtifact@1
             displayName: Publish nupkg
             inputs:
@@ -139,6 +156,35 @@ stages:
             inputs:
               targetPath: $(Build.SourcesDirectory)
               artifactName: build_output
+          - task: PublishPipelineArtifact@1
+            displayName: Publish Backend BOM
+            inputs:
+              targetPath: $(Build.ArtifactStagingDirectory)/bom
+              artifactName: bom-build
+
+  - stage: E2E_BOM
+    displayName: E2E Tests BOM Generation
+    dependsOn: []
+    jobs:
+    - job:
+      displayName: E2E Generate BOM
+      pool:
+        vmImage: "ubuntu-latest"
+      steps:
+        - checkout: self
+          fetchDepth: 500
+        - template: templates/e2e-install.yml
+          parameters:
+            nodeVersion: ${{ variables.nodeVersion }}
+            npm_config_cache: ${{ variables.npm_config_cache }}
+        - powershell: |
+            npm install --global @cyclonedx/cyclonedx-npm
+            cyclonedx-npm -o $(Build.ArtifactStagingDirectory)/bom/bom-e2e.xml --ignore-npm-errors --verbose
+          displayName: Generate E2E Tests BOM
+          workingDirectory: tests/Umbraco.Tests.AcceptanceTest
+        - publish: $(Build.ArtifactStagingDirectory)/bom
+          artifact: bom-e2e
+          displayName: 'Publish E2E BOM'
 
   - stage: Build_Docs
     condition: and(succeeded(), or(eq(dependencies.Build.outputs['A.build.NBGV_PublicRelease'], 'True'), ${{parameters.buildApiDocs}}))
@@ -464,37 +510,18 @@ stages:
               artifact: nupkg
               path: $(Agent.BuildDirectory)/app/nupkg
 
-          - task: NodeTool@0
-            displayName: Use Node.js $(nodeVersion)
-            retryCountOnTaskFailure: 3
-            inputs:
-              versionSpec: $(nodeVersion)
-
           - task: UseDotNet@2
             displayName: Use .NET SDK from global.json
             inputs:
               useGlobalJson: true
 
-          - pwsh: |
-              "UMBRACO_USER_LOGIN=$(UMBRACO__CMS__UNATTENDED__UNATTENDEDUSEREMAIL)
-              UMBRACO_USER_PASSWORD=$(UMBRACO__CMS__UNATTENDED__UNATTENDEDUSERPASSWORD)
-              URL=$(ASPNETCORE_URLS)" | Out-File .env
-            displayName: Generate .env
-            workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
-
-          # Cache and restore NPM packages
-          - task: Cache@2
-            displayName: Cache NPM packages
-            inputs:
-              key: 'npm_e2e | "$(Agent.OS)" | $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/package-lock.json'
-              restoreKeys: |
-                npm_e2e | "$(Agent.OS)"
-                npm_e2e
-              path: $(npm_config_cache)
-
-          - script: npm ci --no-fund --no-audit --prefer-offline
-            workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
-            displayName: Restore NPM packages
+          - template: templates/e2e-install.yml
+            parameters:
+              nodeVersion: $(nodeVersion)
+              npm_config_cache: $(npm_config_cache)
+              PlaywrightUserEmail: $(UMBRACO__CMS__UNATTENDED__UNATTENDEDUSEREMAIL)
+              PlaywrightPassword: $(UMBRACO__CMS__UNATTENDED__UNATTENDEDUSERPASSWORD)
+              ASPNETCORE_URLS: $(ASPNETCORE_URLS)
 
           # Build application
           - pwsh: |
@@ -755,6 +782,34 @@ stages:
               searchFolder: "tests/Umbraco.Tests.AcceptanceTest/results"
               testRunTitle: "$(Agent.JobName)"
 
+  - stage: Dependency_Track
+    displayName: Dependency Track
+    dependsOn:
+      - Build
+      - E2E_BOM
+    condition: and(succeeded(), or(eq(dependencies.Build.outputs['A.build.NBGV_PublicRelease'], 'True'), ${{parameters.uploadDependencyTrack}}))
+    variables:
+      # Determine Umbraco version based on whether it's a public release or not. If public release, use major version, else use full NuGet package version.
+      umbracoVersion: $[ iif(eq(stageDependencies.Build.A.outputs['build.NBGV_PublicRelease'], 'True'), stageDependencies.Build.A.outputs['build.NBGV_VersionMajor'], stageDependencies.Build.A.outputs['build.NBGV_NuGetPackageVersion']) ]
+    jobs:
+      - template: templates/dependency-track.yml
+        parameters:
+          projectName: "Umbraco-CMS"
+          umbracoVersion: $(umbracoVersion)
+          projects:
+            - name: "Backend"
+              artifact: "bom-build"
+              bomFilePath: "bom-dotnet.xml"
+            - name: "Login"
+              artifact: "bom-build"
+              bomFilePath: "bom-login.xml"
+            - name: "Backoffice"
+              artifact: "bom-build"
+              bomFilePath: "bom-backoffice.xml"
+            - name: "E2E"
+              artifact: "bom-e2e"
+              bomFilePath: "bom-e2e.xml"
+
   ###############################################
   ## Release
   ###############################################
diff --git a/build/templates/dependency-track.yml b/build/templates/dependency-track.yml
@@ -0,0 +1,56 @@
+parameters:
+  - name: projectName
+    type: string
+  - name: umbracoVersion
+    type: string
+  - name: projects
+    type: object
+
+jobs:
+- job: Create_DT_Project
+  displayName: Create Dependency Track Project
+  steps:
+    - checkout: none
+
+    - bash: |
+        project_id=$(curl --no-progress-meter -H "X-Api-Key: $(DT_API_KEY)" "$(DT_API_URL)/v1/project/lookup?name=${{ parameters.projectName }}&version=${{ parameters.umbracoVersion }}" | jq -r '.uuid')
+        if [ "$project_id" != "null" ] && [ -n "$project_id" ]; then
+          echo "Project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' already exists (ID: $project_id)."
+        else
+          project_id=$(curl --no-progress-meter \
+            -X PUT "$(DT_API_URL)/v1/project" \
+            -H "X-Api-Key: $(DT_API_KEY)" \
+            -H "Content-Type: application/json" \
+            -d '{"name": "${{ parameters.projectName }}", "version": "${{ parameters.umbracoVersion }}", "collectionLogic": "AGGREGATE_DIRECT_CHILDREN"}' \
+            | jq -r '.uuid')
+          if [ -z "$project_id" ] || [ "$project_id" == "null" ]; then
+            echo "Failed to create project '${{ parameters.projectName }}' version '${{ parameters.umbracoVersion }}'."
+            exit 1
+          fi
+          echo "Created project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' (ID: $project_id)."
+        fi
+      displayName: Ensure main project exists in Dependency Track
+
+- ${{ each project in parameters.projects }}:
+  - job:
+    displayName: Upload ${{ project.name }} BOM
+    dependsOn: Create_DT_Project
+    steps:
+      - checkout: none
+
+      - download: current
+        artifact: ${{ project.artifact }}
+        displayName: Download ${{ project.artifact }} artifact
+
+      - script: |
+          curl --no-progress-meter --fail-with-body \
+            -X POST "$(DT_API_URL)/v1/bom" \
+            -H "X-Api-Key: $(DT_API_KEY)" \
+            -H "Content-Type: multipart/form-data" \
+            -F "autoCreate=true" \
+            -F "projectName=${{ parameters.projectName }}-${{ project.name }}" \
+            -F "projectVersion=${{ parameters.umbracoVersion }}" \
+            -F "parentName=${{ parameters.projectName }}" \
+            -F "parentVersion=${{ parameters.umbracoVersion }}" \
+            -F "bom=@$(Pipeline.Workspace)/${{ project.artifact }}/${{ project.bomFilePath }}"
+        displayName: Upload ${{ project.name }} BOM to Dependency Track
diff --git a/build/templates/e2e-install.yml b/build/templates/e2e-install.yml
@@ -0,0 +1,47 @@
+parameters:
+  - name: nodeVersion
+    type: string
+    default: ''
+
+  - name: npm_config_cache
+    type: string
+    default: ''
+
+  - name: PlaywrightUserEmail
+    type: string
+    default: ''
+
+  - name: PlaywrightPassword
+    type: string
+    default: ''
+
+  - name: ASPNETCORE_URLS
+    type: string
+    default: ''
+
+steps:
+  - task: NodeTool@0
+    displayName: Use Node.js $(nodeVersion)
+    inputs:
+      versionSpec: $(nodeVersion)
+
+  - pwsh: |
+      "UMBRACO_USER_LOGIN=${{ parameters.PlaywrightUserEmail }}
+      UMBRACO_USER_PASSWORD=${{ parameters.PlaywrightPassword }}
+      URL=${{ parameters.ASPNETCORE_URLS }}" | Out-File .env
+    displayName: Generate .env
+    workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
+
+  # Cache and restore NPM packages
+  - task: Cache@2
+    displayName: Cache NPM packages
+    inputs:
+      key: 'npm_e2e | "$(Agent.OS)" | $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/package-lock.json'
+      restoreKeys: |
+        npm_e2e | "$(Agent.OS)"
+        npm_e2e
+      path: ${{ parameters.npm_config_cache }}
+
+  - script: npm ci --no-fund --no-audit --prefer-offline
+    workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
+    displayName: Restore NPM packages
