
Generate SBOM files during PR events #656

Merged (3 commits) Feb 17, 2022

Conversation

glennmusa (Contributor)

Description

#654 makes it so that the SBOM generates manifest data for just the correct bits, but it was only runnable on demand.

When running the SBOM generator in a Pull Request, we noticed that:

  1. the pipeline would throw "failed to push some refs" when using the $(Build.SourceBranch) ref
  2. the pipeline would invoke itself because it's always listening on the PR trigger

This change updates the SBOM pipeline to address those things:

  1. Checks for the invocation type "Manual" or "PullRequest" to push the generated SBOM manifest into the correct branch
  2. Checks the contents of the latest commit using git log so that a subsequent PR trigger does not invoke itself
    • If no action is necessary (e.g. the changes are just the new manifest files generated by the pipeline itself), no SBOM is generated and the pipeline succeeds; if action is necessary, the SBOM will generate new manifest files.

Issue reference

The issue this PR will close: #607

Checklist

Please make sure you've completed the relevant tasks for this PR out of the following list:

  • All acceptance criteria in the backlog item are met
  • The documentation is updated to cover any new or changed features
  • Manual tests have passed
  • Relevant issues are linked to this PR
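The two guards the description lists, written out as an added POSIX sh example (not the project's own pipeline code). It assumes Azure Pipelines exposes Build.Reason, Build.SourceBranch and System.PullRequest.SourceBranch as the usual BUILD_REASON, BUILD_SOURCEBRANCH and SYSTEM_PULLREQUEST_SOURCEBRANCH environment variables, and uses _manifest as a placeholder for the directory the SBOM generator writes.

```shell
#!/bin/sh
# Added example, not the project's own pipeline code: the two guards from the
# PR description as POSIX sh functions that take their inputs as arguments, so
# they run without a live pipeline or git checkout. Assumptions: Azure Pipelines
# exposes Build.Reason, Build.SourceBranch and System.PullRequest.SourceBranch
# as the usual environment variables; _manifest is a placeholder directory name.

SBOM_MANIFEST_DIR="${SBOM_MANIFEST_DIR:-_manifest}"

# Guard 1: pick the branch the regenerated manifest is pushed to.
# Args: build reason, Build.SourceBranch, System.PullRequest.SourceBranch.
# Prints the branch without its refs/heads/ prefix; fails for any other trigger.
sbom_target_branch() {
  reason=$1 source_branch=$2 pr_source_branch=$3
  case "$reason" in
    Manual)      ref=$source_branch ;;
    PullRequest) ref=$pr_source_branch ;;  # Build.SourceBranch is refs/pull/N/merge here
    *)           return 1 ;;               # e.g. a CI run on main never pushes
  esac
  printf '%s\n' "${ref#refs/heads/}"
}

# Guard 2: decide whether the latest commit warrants a new SBOM.
# Arg: the latest commit's file list, one path per line, as printed by
#   git log -1 --name-only --pretty=format:
# Returns 0 (regenerate) if any path lies outside the manifest directory, else
# 1 (skip), which keeps the pipeline's own manifest commit from re-triggering it.
sbom_needs_regeneration() {
  printf '%s\n' "$1" | (
    while IFS= read -r path; do
      [ -n "$path" ] || continue
      case "$path" in
        "$SBOM_MANIFEST_DIR"/*) ;;  # the pipeline's own output: ignore
        *) exit 0 ;;                # a real change: regenerate
      esac
    done
    exit 1                          # only manifest files (or nothing) changed
  )
}

# Driver for use inside the pipeline; does nothing when Build.Reason is unset.
if [ -n "${BUILD_REASON:-}" ]; then
  branch=$(sbom_target_branch "$BUILD_REASON" "${BUILD_SOURCEBRANCH:-}" \
    "${SYSTEM_PULLREQUEST_SOURCEBRANCH:-}") || { echo "trigger $BUILD_REASON: not pushing"; exit 0; }
  if sbom_needs_regeneration "$(git log -1 --name-only --pretty=format:)"; then
    echo "regenerating SBOM and pushing to $branch"  # run the generator and git push here
  else
    echo "latest commit only touched $SBOM_MANIFEST_DIR; nothing to do"
  fi
fi
```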

@glennmusa glennmusa requested a review from a team as a code owner February 17, 2022 21:26
@vidyambala vidyambala merged commit 199b986 into main Feb 17, 2022
@vidyambala vidyambala deleted the glenn/generateSbomInPr branch February 17, 2022 21:43
Breanna-Stryker added a commit that referenced this pull request Feb 21, 2022
* Check that Portal UI form outputs map to template parameter inputs on pull requests (#620)

* Move the workflow scripts to where they're used (#632)

* Update descriptions in alt text on main README.md (#633)

* Add spike issue template and remove feature request issue template (#635)

* Fix for Terraform issue in which the tier 2 subscription parameter is ignored (#638)

* Process for handling a broken build (#641)

* Clean-up nightly deployments using Azure CLI (#642)

* Add instructions for ASC/Defender cleanup (#643)

* Pin Bicep to v0.4.1272 (#650)

* SBOM generation in PR (#648)

* Update policy assignment resource provider version (#652)

* Generate SBOMs without .git contents (#654)

* Generate SBOM files during PR events (#656)

* check to see if the SBOM needs to be regenerated before running the pipeline again

* Update Software Bill of Materials (SBOM)

Co-authored-by: Microsoft.VisualStudio.Services.TFS <>

Co-authored-by: Glenn Musa <4622125+glennmusa@users.noreply.github.com>
Co-authored-by: Brooke Hamilton <45323234+brooke-hamilton@users.noreply.github.com>
Co-authored-by: Vidya Bala <vidbala@microsoft.com>
Co-authored-by: JeromeJansen <jjansen23@users.noreply.github.com>
Successfully merging this pull request may close these issues:

Generate a bill of materials in a pipeline