add publish to deptrack
RetGal committed Feb 12, 2025
1 parent 53e48a1 commit 4e5b0a8
Showing 2 changed files with 37 additions and 4 deletions.
39 changes: 36 additions & 3 deletions ci/main.go
Expand Up @@ -158,6 +158,25 @@ func (m *Ci) Vulnscan(sbom *dagger.File) *dagger.File {
return trivy.Sbom(sbom).Report("json")
}

// Publish cyclonedx SBOM to Deptrack
func (m *Ci) PublishToDeptrack(
ctx context.Context,
// SBOM file
sbom *dagger.File,
// deptrack address for publishing the SBOM https://deptrack.example.com/api/v1/bom
address string,
// deptrack API key
apiKey *dagger.Secret,
// deptrack project UUID
projectUUID string,
) (string, error) {
return dag.Container().
From("curlimages/curl").
WithFile("sbom.json", sbom).
WithExec([]string{"curl", "-X", "POST", "-H", "'Content-Type: multipart/form-data'", "-H", fmt.Sprintf("'X-API-Key: %s'", apiKey), "-F", fmt.Sprintf("'project=%s'", projectUUID), "-F", "[email protected]", address}).
Stdout(ctx)
}

// Sign the published image using cosign
func (m *Ci) Sign(
ctx context.Context,
Expand Down Expand Up @@ -232,6 +251,12 @@ func (m *Ci) Ci(
registryPassword *dagger.Secret,
// registry address registry/repository/image:tag
registryAddress string,
// deptrack address for publishing the SBOM https://deptrack.example.com/api/v1/bom
dtAddress string,
// deptrack project UUID
dtProjectUUID string,
// deptrack API key
dtApiKey *dagger.Secret,
// ignore linter failures
// +optional
// +default=false
Expand All @@ -246,6 +271,7 @@ func (m *Ci) Ci(
digest, err := m.Publish(ctx, image, registryAddress)

if err == nil {
m.PublishToDeptrack(ctx, sbom, dtAddress, dtApiKey, dtProjectUUID)
m.Sign(ctx, registryUsername, registryPassword, digest)
m.Attest(ctx, registryUsername, registryPassword, digest, sbom, "cyclonedx")
}
Expand All @@ -271,6 +297,12 @@ func (m *Ci) CiIntegration(
registryPassword *dagger.Secret,
// registry address registry/repository/image:tag
registryAddress string,
// deptrack address for publishing the SBOM https://deptrack.example.com/api/v1/bom
dtAddress string,
// deptrack project UUID
dtProjectUUID string,
// deptrack API key
dtApiKey *dagger.Secret,
// ignore linter failures
// +optional
// +default=false
Expand Down Expand Up @@ -339,11 +371,12 @@ func (m *Ci) CiIntegration(

// After publishing the image, we can sign and attest
if err != nil {
return nil, err
return nil, err
}

m.Sign(ctx, registryUsername, registryPassword, digest)
m.Attest(ctx, registryUsername, registryPassword, digest, sbom, "cyclonedx")
m.PublishToDeptrack(ctx, sbom, dtAddress, dtApiKey, dtProjectUUID)
m.Sign(ctx, registryUsername, registryPassword, digest)
m.Attest(ctx, registryUsername, registryPassword, digest, sbom, "cyclonedx")

sbomName, _ := sbom.Name(ctx)
result_container := dag.Container().
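Review bot: In PublishToDeptrack (first hunk) the API key never reaches Dependency-Track in usable form: `fmt.Sprintf("'X-API-Key: %s'", apiKey)` formats a `*dagger.Secret` pointer rather than the secret's value, and whatever it yields becomes part of the exec arguments Dagger keys its cache on and shows in the pipeline output, which is exactly where a secret must not be. Because WithExec runs no shell, the single quotes in `'Content-Type: multipart/form-data'`, `'X-API-Key: ...'` and `'project=...'` are passed literally as part of the header names and field, and the hand-written Content-Type header drops the multipart boundary curl would otherwise generate, so the upload is unlikely to be accepted by the server. Expose the key with `WithSecretVariable`, pass address and project UUID as plain env variables too, and let a small `sh -c` expand them so no value is ever spliced into the command line; the `[email protected]` form field looks garbled by the page rendering and is presumably `bom=@sbom.json`, worth confirming. The call sites in Ci and CiIntegration (third and fifth hunks, whose enclosing functions start outside the hunk) discard the returned error, so a rejected upload goes unnoticed; since the function returns `(string, error)`, checking or at least logging it would make the step observable.

```go
	return dag.Container().
		From("curlimages/curl").
		WithFile("sbom.json", sbom).
		WithEnvVariable("DT_ADDRESS", address).
		WithEnvVariable("DT_PROJECT", projectUUID).
		WithSecretVariable("DT_API_KEY", apiKey).
		// sh expands the variables inside the container; the secret never
		// appears in the exec arguments, and curl sets the multipart boundary.
		WithExec([]string{"sh", "-c",
			`curl --fail-with-body -X POST -H "X-API-Key: $DT_API_KEY" -F "project=$DT_PROJECT" -F "bom=@sbom.json" "$DT_ADDRESS"`}).
		Stdout(ctx)
```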
2 changes: 1 addition & 1 deletion dagger.json
@@ -1,6 +1,6 @@
{
"name": "ci",
"engineVersion": "v0.15.2",
"engineVersion": "v0.15.3",
"sdk": "go",
"dependencies": [
{