GH-15265: [Java] Publish SBOM artifacts #15267

Merged
merged 5 commits into from Jan 17, 2023
2 changes: 1 addition & 1 deletion .github/workflows/java_nightly.yml
Expand Up @@ -107,7 +107,7 @@ jobs:
fi
PATTERN_TO_GET_LIB_AND_VERSION='([a-z].+)-([0-9]+.[0-9]+.[0-9]+-SNAPSHOT)'
mkdir -p repo/org/apache/arrow/
for LIBRARY in $(ls binaries/$PREFIX/java-jars | grep -E '.jar|.pom' | grep SNAPSHOT); do
for LIBRARY in $(ls binaries/$PREFIX/java-jars | grep -E '.jar|.json|.pom|.xml' | grep SNAPSHOT); do
[[ $LIBRARY =~ $PATTERN_TO_GET_LIB_AND_VERSION ]]
mkdir -p repo/org/apache/arrow/${BASH_REMATCH[1]}/${BASH_REMATCH[2]}
mkdir -p repo/org/apache/arrow/${BASH_REMATCH[1]}/${DATE}
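Review bot: In the new `for LIBRARY` line, the filter `grep -E '.jar|.json|.pom|.xml'` leaves every `.` unescaped and has no end anchor, so each alternative matches any character followed by `jar`, `json`, `pom` or `xml` anywhere in the file name rather than a file extension. With `.json` and `.xml` added, the set of files staged under `repo/org/apache/arrow/` can widen beyond those four extensions; `grep -E '\.(jar|json|pom|xml)$'` would restrict it to them. The result of `[[ $LIBRARY =~ $PATTERN_TO_GET_LIB_AND_VERSION ]]` is also not checked before `BASH_REMATCH` is used in the `mkdir -p` lines, so a name that passes the grep but not the pattern is worth guarding against.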
8 changes: 7 additions & 1 deletion ci/scripts/java_full_build.sh
Expand Up @@ -65,7 +65,13 @@ find . \
-exec echo {} ";" \
-exec cp {} $dist_dir ";"
find ~/.m2/repository/org/apache/arrow \
"(" -name "*.jar" -o -name "*.zip" -o -name "*.pom" ")" \
"(" \
-name "*.jar" -o \
-name "*.json" -o \
-name "*.pom" -o \
-name "*.xml" -o \
-name "*.zip" \
")" \
-exec echo {} ";" \
-exec cp {} $dist_dir ";"
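Review bot: The new `-name "*.json"` and `-name "*.xml"` tests in the second `find` match every JSON or XML file under `~/.m2/repository/org/apache/arrow`, not only the SBOMs, and each match is copied into `$dist_dir`. The artifact names added to dev/tasks/tasks.yml all end in `-cyclonedx.json` or `-cyclonedx.xml`, so `-name "*-cyclonedx.json"` and `-name "*-cyclonedx.xml"` would collect exactly those files and keep unrelated metadata out of the distribution directory. The same narrowing applies to the `arrow/java-dist/*.json` and `arrow/java-dist/*.xml` upload globs in dev/tasks/java-jars/github.yml, which decide what is attached to the release.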

2 changes: 2 additions & 0 deletions dev/tasks/java-jars/github.yml
Expand Up @@ -211,5 +211,7 @@ jobs:
$GITHUB_WORKSPACE/arrow \
$GITHUB_WORKSPACE/arrow/java-dist
{{ macros.github_upload_releases(["arrow/java-dist/*.jar",
"arrow/java-dist/*.json",
"arrow/java-dist/*.pom",
"arrow/java-dist/*.xml",
"arrow/java-dist/*.zip"])|indent }}
48 changes: 48 additions & 0 deletions dev/tasks/tasks.yml
Expand Up @@ -801,91 +801,131 @@ tasks:
ci: github
template: java-jars/github.yml
artifacts:
- arrow-algorithm-{no_rc_snapshot_version}-cyclonedx.json
- arrow-algorithm-{no_rc_snapshot_version}-cyclonedx.xml
Member Author

Oh, do we need to repeat this for all jars like arrow-avro/arrow-c-data/arrow-compression/...?

Member

I think so. That is why @kou said the diff is incomplete for dev/tasks/tasks.yml and there is a # NOTE!!! We need to add more entries for *-cyclonedx.{json,xml}.

Member Author

Got it. Thank you for the confirmation.

Member Author

I added them all at de44a62

- arrow-algorithm-{no_rc_snapshot_version}-javadoc.jar
- arrow-algorithm-{no_rc_snapshot_version}-sources.jar
- arrow-algorithm-{no_rc_snapshot_version}-tests.jar
- arrow-algorithm-{no_rc_snapshot_version}.jar
- arrow-algorithm-{no_rc_snapshot_version}.pom
- arrow-avro-{no_rc_snapshot_version}-cyclonedx.json
- arrow-avro-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-avro-{no_rc_snapshot_version}-javadoc.jar
- arrow-avro-{no_rc_snapshot_version}-sources.jar
- arrow-avro-{no_rc_snapshot_version}-tests.jar
- arrow-avro-{no_rc_snapshot_version}.jar
- arrow-avro-{no_rc_snapshot_version}.pom
- arrow-c-data-{no_rc_snapshot_version}-cyclonedx.json
- arrow-c-data-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-c-data-{no_rc_snapshot_version}-javadoc.jar
- arrow-c-data-{no_rc_snapshot_version}-sources.jar
- arrow-c-data-{no_rc_snapshot_version}-tests.jar
- arrow-c-data-{no_rc_snapshot_version}.jar
- arrow-c-data-{no_rc_snapshot_version}.pom
- arrow-compression-{no_rc_snapshot_version}-cyclonedx.json
- arrow-compression-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-compression-{no_rc_snapshot_version}-javadoc.jar
- arrow-compression-{no_rc_snapshot_version}-sources.jar
- arrow-compression-{no_rc_snapshot_version}-tests.jar
- arrow-compression-{no_rc_snapshot_version}.jar
- arrow-compression-{no_rc_snapshot_version}.pom
- arrow-dataset-{no_rc_snapshot_version}-cyclonedx.json
- arrow-dataset-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-dataset-{no_rc_snapshot_version}-javadoc.jar
- arrow-dataset-{no_rc_snapshot_version}-sources.jar
- arrow-dataset-{no_rc_snapshot_version}-tests.jar
- arrow-dataset-{no_rc_snapshot_version}.jar
- arrow-dataset-{no_rc_snapshot_version}.pom
- arrow-flight-{no_rc_snapshot_version}-cyclonedx.json
- arrow-flight-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-flight-{no_rc_snapshot_version}.pom
- arrow-format-{no_rc_snapshot_version}-cyclonedx.json
- arrow-format-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-format-{no_rc_snapshot_version}-javadoc.jar
- arrow-format-{no_rc_snapshot_version}-sources.jar
- arrow-format-{no_rc_snapshot_version}-tests.jar
- arrow-format-{no_rc_snapshot_version}.jar
- arrow-format-{no_rc_snapshot_version}.pom
- arrow-gandiva-{no_rc_snapshot_version}-cyclonedx.json
- arrow-gandiva-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-gandiva-{no_rc_snapshot_version}-javadoc.jar
- arrow-gandiva-{no_rc_snapshot_version}-sources.jar
- arrow-gandiva-{no_rc_snapshot_version}-tests.jar
- arrow-gandiva-{no_rc_snapshot_version}.jar
- arrow-gandiva-{no_rc_snapshot_version}.pom
- arrow-java-root-{no_rc_snapshot_version}-cyclonedx.json
- arrow-java-root-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-java-root-{no_rc_snapshot_version}-source-release.zip
- arrow-java-root-{no_rc_snapshot_version}.pom
- arrow-jdbc-{no_rc_snapshot_version}-cyclonedx.json
- arrow-jdbc-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-jdbc-{no_rc_snapshot_version}-javadoc.jar
- arrow-jdbc-{no_rc_snapshot_version}-sources.jar
- arrow-jdbc-{no_rc_snapshot_version}-tests.jar
- arrow-jdbc-{no_rc_snapshot_version}.jar
- arrow-jdbc-{no_rc_snapshot_version}.pom
- arrow-memory-core-{no_rc_snapshot_version}-cyclonedx.json
- arrow-memory-core-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-memory-core-{no_rc_snapshot_version}-javadoc.jar
- arrow-memory-core-{no_rc_snapshot_version}-sources.jar
- arrow-memory-core-{no_rc_snapshot_version}-tests.jar
- arrow-memory-core-{no_rc_snapshot_version}.jar
- arrow-memory-core-{no_rc_snapshot_version}.pom
- arrow-memory-netty-{no_rc_snapshot_version}-cyclonedx.json
- arrow-memory-netty-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-memory-netty-{no_rc_snapshot_version}-javadoc.jar
- arrow-memory-netty-{no_rc_snapshot_version}-sources.jar
- arrow-memory-netty-{no_rc_snapshot_version}-tests.jar
- arrow-memory-netty-{no_rc_snapshot_version}.jar
- arrow-memory-netty-{no_rc_snapshot_version}.pom
- arrow-memory-unsafe-{no_rc_snapshot_version}-cyclonedx.json
- arrow-memory-unsafe-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-memory-unsafe-{no_rc_snapshot_version}-javadoc.jar
- arrow-memory-unsafe-{no_rc_snapshot_version}-sources.jar
- arrow-memory-unsafe-{no_rc_snapshot_version}-tests.jar
- arrow-memory-unsafe-{no_rc_snapshot_version}.jar
- arrow-memory-unsafe-{no_rc_snapshot_version}.pom
- arrow-memory-{no_rc_snapshot_version}-cyclonedx.json
- arrow-memory-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-memory-{no_rc_snapshot_version}.pom
- arrow-orc-{no_rc_snapshot_version}-cyclonedx.json
- arrow-orc-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-orc-{no_rc_snapshot_version}-javadoc.jar
- arrow-orc-{no_rc_snapshot_version}-sources.jar
- arrow-orc-{no_rc_snapshot_version}-tests.jar
- arrow-orc-{no_rc_snapshot_version}.jar
- arrow-orc-{no_rc_snapshot_version}.pom
- arrow-performance-{no_rc_snapshot_version}-cyclonedx.json
- arrow-performance-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-performance-{no_rc_snapshot_version}-sources.jar
- arrow-performance-{no_rc_snapshot_version}-tests.jar
- arrow-performance-{no_rc_snapshot_version}.jar
- arrow-performance-{no_rc_snapshot_version}.pom
- arrow-plasma-{no_rc_snapshot_version}-cyclonedx.json
- arrow-plasma-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-plasma-{no_rc_snapshot_version}-javadoc.jar
- arrow-plasma-{no_rc_snapshot_version}-sources.jar
- arrow-plasma-{no_rc_snapshot_version}-tests.jar
- arrow-plasma-{no_rc_snapshot_version}.jar
- arrow-plasma-{no_rc_snapshot_version}.pom
- arrow-tools-{no_rc_snapshot_version}-cyclonedx.json
- arrow-tools-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-tools-{no_rc_snapshot_version}-jar-with-dependencies.jar
- arrow-tools-{no_rc_snapshot_version}-javadoc.jar
- arrow-tools-{no_rc_snapshot_version}-sources.jar
- arrow-tools-{no_rc_snapshot_version}-tests.jar
- arrow-tools-{no_rc_snapshot_version}.jar
- arrow-tools-{no_rc_snapshot_version}.pom
- arrow-vector-{no_rc_snapshot_version}-cyclonedx.json
- arrow-vector-{no_rc_snapshot_version}-cyclonedx.xml
- arrow-vector-{no_rc_snapshot_version}-javadoc.jar
- arrow-vector-{no_rc_snapshot_version}-shade-format-flatbuffers.jar
- arrow-vector-{no_rc_snapshot_version}-sources.jar
- arrow-vector-{no_rc_snapshot_version}-tests.jar
- arrow-vector-{no_rc_snapshot_version}.jar
- arrow-vector-{no_rc_snapshot_version}.pom
- flight-core-{no_rc_snapshot_version}-cyclonedx.json
- flight-core-{no_rc_snapshot_version}-cyclonedx.xml
- flight-core-{no_rc_snapshot_version}-jar-with-dependencies.jar
- flight-core-{no_rc_snapshot_version}-javadoc.jar
- flight-core-{no_rc_snapshot_version}-shaded-ext.jar
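Review bot: The `-cyclonedx.json` and `-cyclonedx.xml` entries are written out by hand for every module in this `artifacts:` list, and the review thread under the `arrow-algorithm` entries shows the remaining modules were only added in a follow-up commit. A module added later without its two SBOM lines would not be caught by anything visible here. Since every module in the list already has a `.pom` entry, a short comment at the top of `artifacts:` stating that each `.pom` needs both `-cyclonedx` entries, or a check that derives them from the `.pom` entries, would keep the expected artifact set and the published SBOMs from drifting apart.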
Expand All @@ -894,22 +934,30 @@ tasks:
- flight-core-{no_rc_snapshot_version}-tests.jar
- flight-core-{no_rc_snapshot_version}.jar
- flight-core-{no_rc_snapshot_version}.pom
- flight-grpc-{no_rc_snapshot_version}-cyclonedx.json
- flight-grpc-{no_rc_snapshot_version}-cyclonedx.xml
- flight-grpc-{no_rc_snapshot_version}-javadoc.jar
- flight-grpc-{no_rc_snapshot_version}-sources.jar
- flight-grpc-{no_rc_snapshot_version}-tests.jar
- flight-grpc-{no_rc_snapshot_version}.jar
- flight-grpc-{no_rc_snapshot_version}.pom
- flight-integration-tests-{no_rc_snapshot_version}-cyclonedx.json
- flight-integration-tests-{no_rc_snapshot_version}-cyclonedx.xml
- flight-integration-tests-{no_rc_snapshot_version}-jar-with-dependencies.jar
- flight-integration-tests-{no_rc_snapshot_version}-javadoc.jar
- flight-integration-tests-{no_rc_snapshot_version}-sources.jar
- flight-integration-tests-{no_rc_snapshot_version}-tests.jar
- flight-integration-tests-{no_rc_snapshot_version}.jar
- flight-integration-tests-{no_rc_snapshot_version}.pom
- flight-sql-{no_rc_snapshot_version}-cyclonedx.json
- flight-sql-{no_rc_snapshot_version}-cyclonedx.xml
- flight-sql-{no_rc_snapshot_version}-javadoc.jar
- flight-sql-{no_rc_snapshot_version}-sources.jar
- flight-sql-{no_rc_snapshot_version}-tests.jar
- flight-sql-{no_rc_snapshot_version}.jar
- flight-sql-{no_rc_snapshot_version}.pom
- flight-sql-jdbc-driver-{no_rc_snapshot_version}-cyclonedx.json
- flight-sql-jdbc-driver-{no_rc_snapshot_version}-cyclonedx.xml
- flight-sql-jdbc-driver-{no_rc_snapshot_version}-javadoc.jar
- flight-sql-jdbc-driver-{no_rc_snapshot_version}-sources.jar
- flight-sql-jdbc-driver-{no_rc_snapshot_version}-tests.jar
13 changes: 13 additions & 0 deletions java/pom.xml
Expand Up @@ -355,6 +355,19 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<version>2.7.3</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>makeBom</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>

<pluginManagement>
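Review bot: The new `cyclonedx-maven-plugin` execution has no `<configuration>` element, so the schema version, output formats and dependency scopes of every published SBOM are whatever version 2.7.3 defaults to. Setting them explicitly would keep the SBOM contents stable when the plugin version is bumped, and would document why both `.json` and `.xml` files are expected downstream. As a style point, `<version>2.7.3</version>` sits in `<plugins>` directly above the `<pluginManagement>` section; if other plugin versions are pinned there, moving this one would keep them in one place.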