Merge pull request #29 from theresa-m/dockerfile

Add Dockerfile for running tool in a containerized environment
spdx · Apr 19, 2023 · 08ec34f · 08ec34f
2 parents 567f0bd + 4ba29b8
commit 08ec34f
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,15 @@
+FROM eclipse-temurin:17 
+
+RUN apt update
+RUN apt install -y git maven
+
+WORKDIR /cdx2spdx
+RUN git clone https://github.com/spdx/cdx2spdx.git
+WORKDIR /cdx2spdx/cdx2spdx
+RUN git submodule update --init --recursive
+ENV JAVA_HOME=/opt/java/openjdk
+RUN mvn clean package
+
+RUN mv /cdx2spdx/cdx2spdx/target/*-jar-with-dependencies.jar /cdx2spdx/cdx2spdx/target/cdx2spdx-tool.jar
+
+CMD ["java", "-jar", "/cdx2spdx/cdx2spdx/target/cdx2spdx-tool.jar", "/cdx2spdx/sboms/cyclonedx.json", "/cdx2spdx/sboms/spdx.json"]
diff --git a/README.md b/README.md
@@ -12,6 +12,14 @@ where `cyclonedx.json` is an existing CycloneDX JSON file and `spdx.json` is a f
 
 Although not tested, XML formats should work for CycloneDX and all supported SPDX files formats should work for the output file (e.g. tag/value, XLSX, XML, RDF/XML, YAML).
 
+### Dockerfile
+
+You can also use the included Dockerfile to run this tool using the following build commands. Please note that the input file names are hardcoded  as `cyclonedx.json` and `spdx.json` and should be changed according to the desired result.
+
+`docker build -t cdx2spdx .`
+
+`docker run -v <directory where cyclonedx.json is located>:/cdx2spdx/sboms  -it --rm cdx2spdx`
+
 ## Design and Implementation Notes
 
 The mappings from CycloneDX to SPDX can be found in the [SPDX-CycloneDX-Mapping Google Sheet](https://docs.google.com/spreadsheets/d/1PIiSYLJHlt8djG5OoOYniy_I-J31UMhBKQ62UUBHKVA/edit?usp=sharing).