From 8d89443d4aba3857f5d725807f33ae151c92be9b Mon Sep 17 00:00:00 2001 From: Kyriakos Sidiropoulos Date: Wed, 4 Sep 2024 14:52:50 +0200 Subject: [PATCH 1/7] refa (Laerdal.Builder.targets): consolidate Is_Core_Branch --- Laerdal.Dfu/Laerdal.Dfu.csproj | 17 +++++++++-------- Laerdal.Scripts/Laerdal.Builder.targets | 11 +++++++++-- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/Laerdal.Dfu/Laerdal.Dfu.csproj b/Laerdal.Dfu/Laerdal.Dfu.csproj index bb3e08f..06368cd 100644 --- a/Laerdal.Dfu/Laerdal.Dfu.csproj +++ b/Laerdal.Dfu/Laerdal.Dfu.csproj @@ -7,9 +7,9 @@ true true enable - + 11.0 - + $([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) 14.2 @@ -33,7 +33,7 @@ - + @@ -48,14 +48,15 @@ - - - - - + + + + + + diff --git a/Laerdal.Scripts/Laerdal.Builder.targets b/Laerdal.Scripts/Laerdal.Builder.targets index a172cb2..56738eb 100644 --- a/Laerdal.Scripts/Laerdal.Builder.targets +++ b/Laerdal.Scripts/Laerdal.Builder.targets @@ -24,9 +24,16 @@ $(BUILD_ARTIFACTSTAGINGDIRECTORY) $([System.IO.Path]::Combine($(MSBuildThisFileDirectory), `..`, `Artifacts/`)) + + + + true + true + true + $(BUILD_SOURCEBRANCH) $(BUILD_REPOSITORY_NAME) - True + True $([System.IO.Path]::Combine($(MSBuildThisFileDirectory), `..`, `Laerdal.Dfu`, `Laerdal.Dfu.csproj`)) @@ -75,7 +82,7 @@ Condition=" '$(Laerdal_Should_Tag_And_Release)' == 'True' " AfterTargets="BuildProjects"> - + From 74f7d623b61ab6360c598b5e3e839d44743c6363 Mon Sep 17 00:00:00 2001 From: Kyriakos Sidiropoulos Date: Thu, 5 Sep 2024 17:37:09 +0200 Subject: [PATCH 2/7] feat (Laerdal.Builder.targets): introduce support for sboms --- .github/workflows/github-actions.yml | 38 ++- Laerdal.Scripts/Laerdal.Builder.targets | 73 ++++- .../Laerdal.GenerateSignAndUploadSbom.sh | 281 ++++++++++++++++++ 3 files changed, 371 insertions(+), 21 deletions(-) create mode 100755 Laerdal.Scripts/Laerdal.GenerateSignAndUploadSbom.sh 
diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml index 5205ea7..dc061d8 100644 --- a/.github/workflows/github-actions.yml +++ b/.github/workflows/github-actions.yml @@ -21,6 +21,10 @@ env: SCL_NUGET_ORG_FEED_API_KEY: ${{ secrets.NUGET_ORG_FEED_API_KEY }} SCL_GITHUB_NUGET_FEED_USERNAME: ${{ secrets.SCL_GITHUB_NUGET_FEED_USERNAME }} + SCL_DEPENDENCY_TRACKER_API_KEY: ${{ secrets.SCL_DEPENDENCY_TRACKER_API_KEY }} + SCL_DEPENDENCY_TRACKER_SERVER_URL: ${{ secrets.SCL_DEPENDENCY_TRACKER_SERVER_URL }} + SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY: ${{ secrets.SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY }} + on: workflow_call: # so that other workflows can trigger this @@ -30,7 +34,7 @@ on: branches: - '**' # '*' matches zero or more characters but does not match the `/` character '**' matches zero or more of any character - pull_request: + pull_request: # we need to build on pull requests so that we can generate and upload the sbom before merging onto main/develop branches branches: - '**' 
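Review bot: The three `SCL_DEPENDENCY_TRACKER_*` secrets are added to the workflow-level `env:`, so every step of every job, including `uses:` actions, receives the SBOM signing key and the tracker API key in its environment. In the hunks shown only the build step reads them, so declaring them in that step's own `env:` would narrow the exposure. The `pull_request` trigger that is kept for SBOM upload also needs a caveat next to its comment: secrets are not passed to runs triggered from forks, so in those runs the values are empty and the sign/upload path should be skipped rather than attempted.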
@@ -73,16 +77,26 @@ jobs: - name: '🏗 📦 Build, Pack & Announce New Release (if appropriate)' shell: 'bash' run: | - cd "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts" \ - && \ - dotnet \ - msbuild \ - "Laerdal.Builder.targets" \ - \ - -p:PackageOutputPath="${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Artifacts" \ - -p:Laerdal_Source_Branch="${{ env.LAERDAL_SOURCE_BRANCH }}" \ - -p:Laerdal_Repository_Path="${{ env.LAERDAL_REPOSITORY_PATH }}" \ - -p:Laerdal_Github_Access_Token="${{ env.SCL_GITHUB_ACCESS_TOKEN }}" + cd "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts" \ + && \ + echo "${{env.SCL_DEPENDENCY_TRACKER_API_KEY}}" > "./dependency_tracker_api_key.ppk" \ + && \ + echo "${{env.SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY}}" > "./dependency_tracker_private_signing_key.ppk" \ + && \ + dotnet \ + msbuild \ + "Laerdal.Builder.targets" \ + \ + -p:PackageOutputPath="${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Artifacts" \ + -p:Laerdal_Source_Branch="${{ env.LAERDAL_SOURCE_BRANCH }}" \ + -p:Laerdal_Repository_Path="${{ env.LAERDAL_REPOSITORY_PATH }}" \ + -p:Laerdal_Github_Access_Token="${{ env.SCL_GITHUB_ACCESS_TOKEN }}" \ + \ + -p:Laerdal_Dependency_Tracker_Server_Url="${{ env.SCL_DEPENDENCY_TRACKER_SERVER_URL }}" \ + -p:Laerdal_Dependency_Tracker_Api_Key_File_Path="${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Laerdal.Scripts/dependency_tracker_api_key.ppk" \ + -p:Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path="${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Laerdal.Scripts/dependency_tracker_private_signing_key.ppk" \ + && \ + rm "./dependency_tracker_private_signing_key.ppk" "./dependency_tracker_api_key.ppk" - name: '⬆️ Upload Artifacts' # to share with other workflows https://stackoverflow.com/a/77663335/863651 uses: 'actions/upload-artifact@v4' 
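Review bot: The two added `echo "${{ env.… }}" > "./….ppk"` lines splice the secret values into the script text before bash parses it, so a key containing `"`, `$` or a backtick is mangled or evaluated, and the files are removed only on the `&&` success path — a failed `dotnet msbuild` leaves the signing key and the API key in the checkout under Laerdal.Scripts. Since the workflow-level `env:` already exports both values to the step, they can be written from the environment with `printf`, under `umask 077`, into a directory below `$RUNNER_TEMP` that a `trap … EXIT` removes on every exit path. The two `-p:…_File_Path` properties then point into that directory, and the rest of the `run:` block stays as it is.

```yaml
        run: |
          umask 077
          key_dir="$(mktemp -d "${RUNNER_TEMP}/sbom-keys.XXXXXX")" || exit 1
          trap 'rm -rf -- "${key_dir}"' EXIT
          printf '%s\n' "${SCL_DEPENDENCY_TRACKER_API_KEY}" > "${key_dir}/dependency_tracker_api_key.ppk"
          printf '%s\n' "${SCL_DEPENDENCY_TRACKER_SIGNING_PRIVATE_KEY}" > "${key_dir}/dependency_tracker_private_signing_key.ppk"
          # … unchanged: cd into Laerdal.Scripts, dotnet msbuild and its other -p: properties …
            -p:Laerdal_Dependency_Tracker_Api_Key_File_Path="${key_dir}/dependency_tracker_api_key.ppk" \
            -p:Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path="${key_dir}/dependency_tracker_private_signing_key.ppk"
          # the trailing `&& rm …` is no longer needed: the EXIT trap removes the key files
```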
@@ -93,7 +107,7 @@ jobs: - name: '🚀 Publish to the Laerdal Nuget Server on Github' # https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-nuget-registry shell: 'bash' - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/ksidirop/MAN-335-ios-runtime-error-fix-about-you-should-not-call-this-method' + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' run: | cd "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Artifacts/" \ && \ diff --git a/Laerdal.Scripts/Laerdal.Builder.targets b/Laerdal.Scripts/Laerdal.Builder.targets index a172cb2..e3b9b32 100644 --- a/Laerdal.Scripts/Laerdal.Builder.targets +++ b/Laerdal.Scripts/Laerdal.Builder.targets @@ -24,9 +24,19 @@ $(BUILD_ARTIFACTSTAGINGDIRECTORY) $([System.IO.Path]::Combine($(MSBuildThisFileDirectory), `..`, `Artifacts/`)) - $(BUILD_SOURCEBRANCH) - $(BUILD_REPOSITORY_NAME) - True + + + + true + true + true + + https://dep-tracker.laerdal.com/api/api/v1/bom + + $(BUILD_SOURCEBRANCH) + $(BUILD_REPOSITORY_NAME) + True + True $([System.IO.Path]::Combine($(MSBuildThisFileDirectory), `..`, `Laerdal.Dfu`, `Laerdal.Dfu.csproj`)) @@ -43,12 +53,16 @@ - - + + + + + + - - - + + + @@ -75,7 +89,7 @@ Condition=" '$(Laerdal_Should_Tag_And_Release)' == 'True' " AfterTargets="BuildProjects"> - + 
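Review bot: The tracker URL added in the `@@ -24,9 +24,19 @@` hunk of Laerdal.Builder.targets, `https://dep-tracker.laerdal.com/api/api/v1/bom`, repeats the `api` path segment, which looks like a typo unless the server really is mounted under `/api/api`. The workflow passes its own value through `-p:Laerdal_Dependency_Tracker_Server_Url=…`, so a wrong fallback would presumably only surface in builds that rely on it, such as local ones; it is worth confirming the path against the server and adding a comment that names the property which overrides it. The element names of this hunk are not visible here, so this is read from the URL text alone.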
@@ -97,4 +111,45 @@ WorkingDirectory="$(MSBuildThisFileDirectory)/.."/> + + + + + + + + + + + + + + + <_Laerdal_Project_Name>$([System.IO.Path]::GetFileName('$(Laerdal_Project)').Replace('.csproj', '')) + + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --project-version "$(Laerdal_Version_Assembly)" + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --output-directory-path "$(PackageOutputPath)" + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --sbom-signing-key-file-path "$(Laerdal_Dependency_Tracker_Private_Signing_Key_File_Path)" + + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --dependency-tracker-url "$(Laerdal_Dependency_Tracker_Server_Url)" + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --dependency-tracker-api-key-file-path "$(Laerdal_Dependency_Tracker_Api_Key_File_Path)" + + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --csproj-classifier "Library" + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --csproj-file-path "$(Laerdal_Project)" + + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --project-name "$(_Laerdal_Project_Name)" + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --output-sbom-file-name "sbom.laerdal.dfu.xml" + + <_Laerdal_Sbom_Script_Parameters>$(_Laerdal_Sbom_Script_Parameters) --parent-project-name "[Group(Legacy)::Laerdal.Dfu]" + + + + + + + + + diff --git a/Laerdal.Scripts/Laerdal.GenerateSignAndUploadSbom.sh b/Laerdal.Scripts/Laerdal.GenerateSignAndUploadSbom.sh new file mode 100755 index 0000000..6fd1b6c --- /dev/null +++ b/Laerdal.Scripts/Laerdal.GenerateSignAndUploadSbom.sh 
@@ -0,0 +1,281 @@ +#!/bin/bash + +# set -x + +declare project_name="" +declare project_version="" + +declare parent_project_name="" +declare parent_project_version="" + +declare csproj_file_path="" +declare csproj_classifier="" +declare output_directory_path="" +declare output_sbom_file_name="" +declare sbom_signing_key_file_path="" + +declare dependency_tracker_url="" +declare dependency_tracker_api_key_file_path="" + + +function parse_arguments() { + + while [[ $# -gt 0 ]]; do + case $1 in + + --project-name) + project_name="$2" + shift + ;; + + --project-version) + project_version="$2" + shift + ;; + + --parent-project-name) + parent_project_name="$2" + shift + ;; + + --parent-project-version) + parent_project_version="$2" + shift + ;; + + --csproj-file-path) + csproj_file_path="$2" + shift + ;; + + --csproj-classifier) + csproj_classifier="$2" + shift + ;; + + --output-directory-path) + output_directory_path="$2" + shift + ;; + + --output-sbom-file-name) + output_sbom_file_name="$2" + shift + ;; + + --sbom-signing-key-file-path) + sbom_signing_key_file_path="$2" + shift + ;; + + --dependency-tracker-url) + dependency_tracker_url="$2" + shift + ;; + + --dependency-tracker-api-key-file-path) + dependency_tracker_api_key_file_path="$2" + shift + ;; + + *) + echo "Unknown option: $1" + usage + exit 1 + ;; + esac + + shift + done + + if [[ -z ${project_name} ]]; then + echo "Specifying --project-name is mandatory!" + usage + exit 1 + fi + + if [[ -z ${project_version} ]]; then + echo "Specifying --project-version is mandatory!" + usage + exit 1 + fi + + # if [[ -z ${parent_project_name} ]]; then this is optional + # ... + + # if [[ -z ${parent_project_version} ]]; then this is optional + # ... + + # if [[ -n ${parent_project_name} && -z ${parent_project_version} ]]; then # nah better not to enforce this + # echo "Specifying --parent-project-version is mandatory when --parent-project-name has been used!" 
+ # usage + # exit 1 + # fi + + if [[ -z ${csproj_file_path} ]]; then + echo "Specifying --csproj-file-path is mandatory!" + usage + exit 1 + fi + + if [[ -z ${csproj_classifier} ]]; then + echo "Specifying --csproj-classifier is mandatory!" + usage + exit 1 + fi + + if [[ -z ${output_directory_path} ]]; then + echo "Specifying --output-directory-path is mandatory!" + usage + exit 1 + fi + + if [[ -z ${output_sbom_file_name} ]]; then + echo "Specifying --output-sbom-file-name is mandatory!" + usage + exit 1 + fi + + if [[ -z ${sbom_signing_key_file_path} ]]; then + echo "Specifying --sbom-signing-key-file-path is mandatory!" + usage + exit 1 + fi + + if [[ -z ${dependency_tracker_url} ]]; then + echo "Specifying --dependency-tracker-url is mandatory!" + usage + exit 1 + fi + + if [[ -z ${dependency_tracker_api_key_file_path} ]]; then + echo "Specifying --dependency-tracker-api-key-file-path is mandatory!" + usage + exit 1 + fi +} + +function usage() { + local -r script_name=$(basename "$0") + + echo "Usage: ${script_name} --project-name --project-version [--parent-project-name --parent-project-version ] --csproj-file-path --csproj-file-path --output-directory-path --output-sbom-file-name --sbom-signing-key-file-path --dependency-tracker-url --dependency-tracker-api-key-file-path " +} + +function install_tools() { + + echo + echo "** Installing CycloneDX as a dotnet tool:" + dotnet tool \ + install \ + --global CycloneDX + declare exitCode=$? + if [ $exitCode != 0 ]; then + echo "##vso[task.logissue type=error]Something went wrong with the CycloneDX tool for dotnet." + exit 10 + fi + + echo + echo "** CycloneDX:" + which dotnet-CycloneDX && dotnet-CycloneDX --version + declare exitCode=$? + if [ $exitCode != 0 ]; then + echo "##vso[task.logissue type=error]Something's wrong with 'dotnet-CycloneDX'." 
+ exit 12 + fi + + # we need to install the CycloneDX tool too in order to sign the artifacts + curl --output cyclonedx --url https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.26.0/cyclonedx-win-x64.exe \ + && chmod +x cyclonedx + declare exitCode=$? + if [ $exitCode != 0 ]; then + echo "##vso[task.logissue type=error]Failed to install 'cyclonedx'." + exit 13 + fi + +} + +function generate_sign_and_upload_sbom() { + # set -x + + # GENERATE SBOM + dotnet-CycloneDX "${csproj_file_path}" \ + --exclude-dev \ + --include-project-references \ + \ + --output "${output_directory_path}" \ + --set-type "${csproj_classifier}" \ + --set-version "${project_version}" \ + \ + --filename "${output_sbom_file_name}" + declare exitCode=$? + if [ ${exitCode} != 0 ]; then + echo "##vso[task.logissue type=error]Failed to generate the SBOM!" + exit 20 + fi + + + + # SIGN SBOM todo figure out why this doesnt actually sign anything on windows even though on macos it works as intended + declare -r bom_file_path="${output_directory_path}/${output_sbom_file_name}" + ./cyclonedx sign bom \ + "${bom_file_path}" \ + --key-file "${sbom_signing_key_file_path}" + declare exitCode=$? + if [ ${exitCode} != 0 ]; then + echo "##vso[task.logissue type=error]Singing the SBOM failed!" 
+ exit 30 + fi + # echo -e "\n\n" + # tail "${bom_file_path}" + # echo -e "\n\n" + + + + # UPLOAD SBOM + declare optional_parent_project_name_parameter="" + if [[ -n ${parent_project_name} ]]; then + optional_parent_project_name_parameter="--form parentName=${parent_project_name}" + fi + + declare optional_parent_project_version_parameter="" + if [[ -n ${parent_project_version} ]]; then + optional_parent_project_version_parameter="--form parentVersion=${parent_project_version}" + fi + + declare -r http_response_code=$( \ + curl "${dependency_tracker_url}" \ + --location \ + --request "POST" \ + \ + --header "Content-Type: multipart/form-data" \ + --header "X-API-Key: $(cat "${dependency_tracker_api_key_file_path}")" \ + \ + --form "bom=@${bom_file_path}" \ + --form "autoCreate=true" \ + \ + --form "projectName=${project_name}" \ + --form "projectVersion=${project_version}" \ + \ + ${optional_parent_project_name_parameter} \ + ${optional_parent_project_version_parameter} \ + \ + -w "%{http_code}" \ + ) + declare exitCode=$? + set +x + + echo "** Curl sbom-uploading HTTP Response Code: ${http_response_code}" + + if [ ${exitCode} != 0 ]; then + echo "##vso[task.logissue type=error]SBOM Uploading failed!" + exit 40 + fi +} + +function main() { + parse_arguments "$@" + install_tools + generate_sign_and_upload_sbom +} + +main "$@" From 96a096c9e53198d702b9efda2c2732a76b20f76e Mon Sep 17 00:00:00 2001 From: Kyriakos Sidiropoulos Date: Thu, 5 Sep 2024 17:37:34 +0200 Subject: [PATCH 3/7] update (Laerdal.CreateNewReleaseInGithub.sh): we now use the 'gh' cli tool to create a new release --- .../Laerdal.CreateNewReleaseInGithub.sh | 62 +++++-------------- 1 file changed, 15 insertions(+), 47 deletions(-) diff --git a/Laerdal.Scripts/Laerdal.CreateNewReleaseInGithub.sh b/Laerdal.Scripts/Laerdal.CreateNewReleaseInGithub.sh index cf1ce63..767c6c6 100644 --- a/Laerdal.Scripts/Laerdal.CreateNewReleaseInGithub.sh +++ b/Laerdal.Scripts/Laerdal.CreateNewReleaseInGithub.sh 
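Review bot: The upload at the end of generate_sign_and_upload_sbom cannot detect a failure: in `declare -r http_response_code=$( curl … )` the following `$?` is the status of `declare`, not of curl, and curl runs without `--fail`, so a 401 or 500 from the tracker still ends in exit 0. The same call puts the API key on curl's command line through `$(cat …)`, where the process list and any `set -x` trace can show it, and it expands `${optional_parent_project_name_parameter}` unquoted, so a value such as `[Group(Legacy)::Laerdal.Dfu]` goes through word splitting and globbing. In install_tools the `cyclonedx` binary that later reads the signing key is fetched without `--fail` or `--location` (release download URLs normally answer with a redirect) and without a digest check, so the file that gets `chmod +x` may not be the intended executable; this may also be related to the "doesnt actually sign anything" todo. The sketch below pins a digest (placeholder), builds the upload arguments as an array, splits declaration from assignment, and feeds the key through `--config` instead of argv.

```shell
  # install_tools: follow the release redirect and verify the pinned asset before use
  declare -r cyclonedx_sha256="<PLACEHOLDER: sha256 of the pinned release asset>"
  curl --fail --silent --show-error --location \
    --output cyclonedx \
    --url https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.26.0/cyclonedx-win-x64.exe \
    && [[ "$(shasum -a 256 cyclonedx | awk '{print $1}')" == "${cyclonedx_sha256}" ]] \
    && chmod +x cyclonedx
  # … unchanged: exit-code check, SBOM generation and signing …

  # UPLOAD SBOM
  declare -a upload_arguments=(
    --fail --silent --show-error --location
    --request "POST"
    --header "Content-Type: multipart/form-data"
    --form "bom=@${bom_file_path}"
    --form "autoCreate=true"
    --form "projectName=${project_name}"
    --form "projectVersion=${project_version}"
    --output /dev/null
    --write-out "%{http_code}"
  )
  if [[ -n ${parent_project_name} ]]; then
    upload_arguments+=(--form "parentName=${parent_project_name}")
  fi
  if [[ -n ${parent_project_version} ]]; then
    upload_arguments+=(--form "parentVersion=${parent_project_version}")
  fi

  declare http_response_code
  http_response_code=$(
    curl "${dependency_tracker_url}" "${upload_arguments[@]}" \
      --config <(printf 'header = "X-API-Key: %s"\n' "$(<"${dependency_tracker_api_key_file_path}")")
  )
  declare exitCode=$?
  # … unchanged: response-code echo and the exit 40 check …
```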
@@ -8,12 +8,12 @@ declare GITHUB_ACCESS_TOKEN="" declare GITHUB_REPOSITORY_PATH="" function parse_arguments() { + while [[ $# -gt 0 ]]; do case $1 in - -v | --log) VERBOSE=1 - shift + # shift dont shift no need for this one ;; -r | --repository-path) @@ -41,8 +41,8 @@ function parse_arguments() { usage exit 1 ;; - esac + shift done @@ -100,57 +100,25 @@ function create_release_on_github() { eventual_singleline_summary="Alpha $eventual_tag_name" fi - local -r payload=$( - cat < Date: Fri, 13 Sep 2024 11:41:33 +0200 Subject: [PATCH 4/7] Removing .net standard 2.1 --- Laerdal.Dfu/Laerdal.Dfu.csproj | 15 +-------------- .../Platforms.NetStandard/DfuInstallation.cs | 15 --------------- 2 files changed, 1 insertion(+), 29 deletions(-) delete mode 100644 Laerdal.Dfu/Platforms.NetStandard/DfuInstallation.cs diff --git a/Laerdal.Dfu/Laerdal.Dfu.csproj b/Laerdal.Dfu/Laerdal.Dfu.csproj index 534bb6f..59bc72e 100644 --- a/Laerdal.Dfu/Laerdal.Dfu.csproj +++ b/Laerdal.Dfu/Laerdal.Dfu.csproj @@ -2,7 +2,7 @@ - net8.0-ios;net8.0-android;netstandard2.1; + net8.0-ios;net8.0-android true true @@ -33,19 +33,6 @@ - - - - - - - - - - - - - diff --git a/Laerdal.Dfu/Platforms.NetStandard/DfuInstallation.cs b/Laerdal.Dfu/Platforms.NetStandard/DfuInstallation.cs deleted file mode 100644 index b4cefaa..0000000 --- a/Laerdal.Dfu/Platforms.NetStandard/DfuInstallation.cs +++ /dev/null @@ -1,15 +0,0 @@ -namespace Laerdal.Dfu -{ - public partial class DfuInstallation - { - public DfuInstallation(string deviceId, string fileUrl) - { - throw new NotImplementedException(); - } - - public override void Abort() => throw new NotImplementedException(); - public override void Start() => throw new NotImplementedException(); - public override void Pause() => throw new NotImplementedException(); - public override void Resume() => throw new NotImplementedException(); - } -} From a10e9e404c012164be04c5a4c7b479f410fda55d Mon Sep 17 00:00:00 2001 
From: Francois Raminosona Date: Fri, 13 Sep 2024 11:42:03 +0200 Subject: [PATCH 5/7] Testing automatic nuget login --- .github/workflows/github-actions.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml index dc061d8..40d8924 100644 --- a/.github/workflows/github-actions.yml +++ b/.github/workflows/github-actions.yml @@ -61,8 +61,8 @@ jobs: && \ "${{env.BUILD_REPOSITORY_FOLDERPATH}}/Laerdal.Scripts/Laerdal.SetupBuildEnvironment.sh" \ "https://nuget.pkg.github.com/Laerdal/index.json" \ - "${{ env.SCL_GITHUB_NUGET_FEED_USERNAME }}" \ - "${{ env.SCL_GITHUB_ACCESS_TOKEN }}" \ + "${{ github.actor }}" \ + "${{ github.token }}" \ "${{ env.BUILD_REPOSITORY_FOLDERPATH }}/Artifacts" # we need to manually install java11 because it is needed by the latest windows vm-images that run on From de845583b4a0dc8702f2f706d377b412310d833b Mon Sep 17 00:00:00 2001 From: Francois Raminosona Date: Fri, 13 Sep 2024 11:44:50 +0200 Subject: [PATCH 6/7] Building on macos --- .github/workflows/github-actions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/github-actions.yml b/.github/workflows/github-actions.yml index 40d8924..5a8b09e 100644 --- a/.github/workflows/github-actions.yml +++ b/.github/workflows/github-actions.yml @@ -43,7 +43,7 @@ jobs: build: - runs-on: 'windows-2022' + runs-on: 'macos-14' timeout-minutes: 20 steps: From 09f9fc70cce23296d8331bc7e6b7a216f3b77eda Mon Sep 17 00:00:00 2001 From: Francois Raminosona Date: Fri, 13 Sep 2024 11:46:42 +0200 Subject: [PATCH 7/7] Cleaning up Maui references --- Laerdal.Dfu/Laerdal.targets | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Laerdal.Dfu/Laerdal.targets b/Laerdal.Dfu/Laerdal.targets index e2c1465..72ccb0c 100644 --- a/Laerdal.Dfu/Laerdal.targets +++ b/Laerdal.Dfu/Laerdal.targets @@ -88,6 +88,24 @@ + + + + + + + + + + true + true + + 1.0.0
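Review bot: `${{ github.token }}` is expanded into the script text and handed to Laerdal.SetupBuildEnvironment.sh as a positional argument in the `@@ -61,8 +61,8 @@` hunk, so the token sits on that process's command line; exporting it through the step's `env:` and having the script read the variable would keep it out of argv. The automatic token is also limited by the workflow's `permissions:`, and none is visible in this hunk, so confirm the job grants `packages: read` for the feed login, otherwise restore from `nuget.pkg.github.com` may fail. The script itself is outside this patch, so how it consumes the third argument is not shown here.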
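Review bot: Switching `runs-on` to `'macos-14'` conflicts with install_tools in Laerdal.GenerateSignAndUploadSbom.sh from patch 2/7, which downloads `cyclonedx-win-x64.exe` unconditionally; a Windows executable cannot run on the macOS runner, so `./cyclonedx sign bom` would fail and the script would exit 30. The download should choose the release asset from `uname -s` and `uname -m`, presumably the `osx-arm64` build for this runner; confirm the exact asset name on the release page. A comment next to `runs-on` naming that dependency would help the next person who changes the runner image.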