Generate SBOM manifest #2651
Generate SBOM manifest #2651
Conversation
Relates to dotnet/arcade#8477
|
Can you please add a test build to this? |
|
Test build did not generate sbom folders |
|
@RussKie I think it would be better to switch this repo to use the jobs template. We need to generate the SBOM for the build legs as well as the Prepare for Publish stage https://dev.azure.com/dnceng/internal/_build/results?buildId=1632434&view=logs&j=4d50a8bf-a143-51c7-5cc8-defff437e23b&t=0b0b242f-bbcb-57b5-fe9f-26dc042642ec |
|
Here's a build with SBOM manifest: https://dev.azure.com/dnceng/internal/_build/results?buildId=1633615&view=logs&j=5ab303af-16db-5f58-82d4-945dcabe3bb5&t=24962100-60d4-5768-b736-1d1c025ebd15 @mmitche I added a SBOM step the Prepare for Publish stage, but it's giving me an error. Did I do it incorrectly? |
|
Looked at the build
|
azure-pipelines.yml
Outdated
| @@ -83,6 +83,12 @@ stages: | |||
| pool: | |||
| name: NetCore1ESPool-Internal | |||
| demands: ImageOverride -equals Build.Server.Amd64.VS2019 | |||
| - job: Generate_SBOM | |||
There was a problem hiding this comment.
I don't think we need this here
Can we get rid of that stage then? If it's not doing anything interesting any longer. It used to do something around signing and packaging. |
|
Yes will do |
|
I was trying to remove the prepared artifacts stage, looks like there is some copying of intermediate packages in that job. I am not sure if that is required. I think it will be good to handle that stage removal in a separate PR |
|
Here's an updated build without SBOM in Prepare for Publish stage: https://dev.azure.com/dnceng/internal/_build/results?buildId=1637247&view=results |
|
In the interest of time I'm going to merge this, and we can follow up on anything outstanding later. |
Relates to dotnet/arcade#8477