Adds a convenience method for getting the build, launch and layer BOM file paths #95
@samj1912 - Do you want me to squash all the commits? Or will you do that on merge?
Squash would be nice! As a project we try to avoid changing commits from the authors and use "merge" instead.
👍 @samj1912 - squashed.
Just a few changes for the sake of consistency
All set.
Minor comment but apart from that LGTM
… file paths

This PR includes:
- convenience methods on the Layers and Layer object for fetching the SBoM path
- deprecated messages if using old-style BOM functionality

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Signed-off-by: Daniel Mikusa <dmikusa@vmware.com>

Thanks for the PR!

Buildpacks API 0.7 brings one new feature, the functionality for SBoM output through [RFC buildpacks#95](https://github.com/buildpacks/rfcs/blob/main/text/0095-sbom.md). Without this change, you can write the SBoM information as described in RFC buildpacks#95, but the lifecycle will ignore it.

To make the lifecycle capture your SBoM information you need to:

1. Use a version of libcnb with this PR.
2. Update the `api = "0.8"` line in your buildpack.toml.
3. Write the SBoM files from your buildpack according to the locations in RFC buildpacks#95. Libcnb does not provide any help with this activity presently; it is up to the buildpack author.
4. Use a lifecycle version with support, 0.13.0+
5. Use a pack version with platform API 0.8+

The lifecycle should then copy your SBoM files and include them in the image.

This PR is only required because the current implementation restricts usage of libcnb to specific buildpack API versions and we needed to add 0.7 to this list.

Signed-off-by: Daniel Mikusa <dmikusa@vmware.com>
Also adds `Deprecated:` godoc comments.
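Step 3 of the commit message above leaves writing the SBoM files to the buildpack author. The following Go sketch is an added example, not code from this PR or from libcnb: `sbomPath` and `writeCycloneDX` are hypothetical helpers, and the `<layers>/<scope>.sbom.<ext>` naming and the three media types are taken from RFC 0095, which the thread links to but does not quote.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// File extension per SBoM media type (assumption: as defined in RFC 0095).
var sbomExt = map[string]string{
	"application/vnd.cyclonedx+json": "cdx.json",
	"application/spdx+json":          "spdx.json",
	"application/vnd.syft+json":      "syft.json",
}

// sbomPath (hypothetical helper) returns the file the lifecycle should pick up.
// scope is "launch", "build", or a layer name; path separators are rejected.
func sbomPath(layersDir, scope, mediaType string) (string, error) {
	ext, ok := sbomExt[mediaType]
	if !ok {
		return "", fmt.Errorf("unsupported SBoM media type %q", mediaType)
	}
	if scope == "" || scope == "." || scope == ".." || scope != filepath.Base(scope) {
		return "", fmt.Errorf("invalid SBoM scope %q", scope)
	}
	return filepath.Join(layersDir, scope+".sbom."+ext), nil
}

// writeCycloneDX (hypothetical helper) writes a minimal CycloneDX document.
func writeCycloneDX(layersDir, scope string, comps []map[string]string) (string, error) {
	p, err := sbomPath(layersDir, scope, "application/vnd.cyclonedx+json")
	if err != nil {
		return "", err
	}
	doc := map[string]interface{}{"bomFormat": "CycloneDX", "specVersion": "1.3", "version": 1, "components": comps}
	b, err := json.MarshalIndent(doc, "", "  ")
	if err != nil {
		return "", err
	}
	return p, os.WriteFile(p, b, 0o644)
}

func main() {
	dir, _ := os.MkdirTemp("", "layers") // constructed stand-in for the layers directory
	defer os.RemoveAll(dir)
	p, err := writeCycloneDX(dir, "launch", []map[string]string{{"type": "library", "name": "example-lib", "version": "1.0.0"}})
	fmt.Println(p, err)
}
```

The buildpack.toml `api` value and the lifecycle and pack versions listed in the steps above still have to match, or the lifecycle ignores these files.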