Add SBOM for gradle plugins

^KTI-1299
2023-07-17 14:46:37 +02:00
parent b6e8937077
commit 3aee0ab994
3 changed files with 19 additions and 4 deletions
@@ -35,7 +35,7 @@ dependencies {
    compileOnly project(':dependencies:intellij-core')
 }

-GradleCommonKt.configureCommonPublicationSettingsForGradle(project, false)
+GradleCommonKt.configureCommonPublicationSettingsForGradle(project, false, false)
 GradleCommonKt.configureKotlinCompileTasksGradleCompatibility(project)
 GradleCommonKt.excludeGradleCommonDependencies(project, sourceSets.main)
 TasksKt.optInToExperimentalCompilerApi(project)
@@ -26,7 +26,7 @@ dependencies {
    }
 }

-configureCommonPublicationSettingsForGradle(signLibraryPublication)
+configureCommonPublicationSettingsForGradle(signLibraryPublication, sbom = false)

 publishing {
    publications {
@@ -65,18 +65,33 @@ val commonSourceSetName = "common"
 */
 fun Project.configureCommonPublicationSettingsForGradle(
    signingRequired: Boolean,
+    sbom: Boolean = true,
 ) {
    plugins.withId("maven-publish") {
-        configureDefaultPublishing(signingRequired)
-
        extensions.configure<PublishingExtension> {
            publications
                .withType<MavenPublication>()
                .configureEach {
                    configureKotlinPomAttributes(project)
+                    if (sbom) {
+                        if (name == "pluginMaven") {
+                            val sbomTask = configureSbom(target = "PluginMaven")
+                            artifact("$buildDir/spdx/PluginMaven/PluginMaven.spdx.json") {
+                                extension = "spdx.json"
+                                builtBy(sbomTask)
+                            }
+                        } else if (name == "Main") {
+                            val sbomTask = configureSbom()
+                            artifact("$buildDir/spdx/MainPublication/MainPublication.spdx.json") {
+                                extension = "spdx.json"
+                                builtBy(sbomTask)
+                            }
+                        }
+                    }
                }
        }
    }
+    configureDefaultPublishing(signingRequired)
 }

 /**