rules/sbom.bzl - third_party/github.com/bazelbuild/rules_license - Git at Google

 # Copyright 2022 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 """SBOM generation"""

 load(
     "@rules_license//rules:gather_metadata.bzl",
     "gather_metadata_info",
     "gather_metadata_info_and_write",
     "write_metadata_info",
 )
 load(
     "@rules_license//rules/private:gathering_providers.bzl",
     "TransitiveLicensesInfo",
 )

 # This rule is proof of concept, and may not represent the final
 # form of a rule for compliance validation.
 def _generate_sbom_impl(ctx):
     # Gather all licenses and write information to one place

     licenses_file = ctx.actions.declare_file("_%s_licenses_info.json" % ctx.label.name)
     write_metadata_info(ctx, ctx.attr.deps, licenses_file)

     # Now turn the big blob of data into something consumable.
     inputs = [licenses_file]
     outputs = [ctx.outputs.out]
     args = ctx.actions.args()
     args.add("--licenses_info", licenses_file.path)
     args.add("--out", ctx.outputs.out.path)
     ctx.actions.run(
         mnemonic = "CreateSBOM",
         progress_message = "Creating SBOM for %s" % ctx.label,
         inputs = inputs,
         outputs = outputs,
         executable = ctx.executable._sbom_generator,
         arguments = [args],
     )
     outputs.append(licenses_file)  # also make the json file available.
     return [DefaultInfo(files = depset(outputs))]

 _generate_sbom = rule(
     implementation = _generate_sbom_impl,
     attrs = {
         "deps": attr.label_list(
             aspects = [gather_metadata_info],
         ),
         "out": attr.output(mandatory = True),
         "_sbom_generator": attr.label(
             default = Label("@rules_license//tools:write_sbom"),
             executable = True,
             allow_files = True,
             cfg = "exec",
         ),
     },
 )

 def generate_sbom(**kwargs):
     _generate_sbom(**kwargs)

 def _manifest_impl(ctx):
     # Gather all licenses and make it available as deps for downstream rules
     # Additionally write the list of license filenames to a file that can
     # also be used as an input to downstream rules.
     licenses_file = ctx.actions.declare_file(ctx.attr.out.name)
     mappings = get_licenses_mapping(ctx.attr.deps, ctx.attr.warn_on_legacy_licenses)
     ctx.actions.write(
         output = licenses_file,
         content = "\n".join([",".join([f.path, p]) for (f, p) in mappings.items()]),
     )
     return [DefaultInfo(files = depset(mappings.keys()))]

 _manifest = rule(
     implementation = _manifest_impl,
     doc = """Internal tmplementation method for manifest().""",
     attrs = {
         "deps": attr.label_list(
             doc = """List of targets to collect license files for.""",
             aspects = [gather_metadata_info],
         ),
         "out": attr.output(
             doc = """Output file.""",
             mandatory = True,
         ),
         "warn_on_legacy_licenses": attr.bool(default = False),
     },
 )

 def manifest(name, deps, out = None, **kwargs):
     if not out:
         out = name + ".manifest"

     _manifest(name = name, deps = deps, out = out, **kwargs)

 def get_licenses_mapping(deps, warn = False):
     """Creates list of entries representing all licenses for the deps.

     Args:

       deps: a list of deps which should have TransitiveLicensesInfo providers.
             This requires that you have run the gather_licenses_info
             aspect over them

       warn: boolean, if true, display output about legacy targets that need
             update

     Returns:
       {File:package_name}
     """
     tls = []
     for dep in deps:
         lds = dep[TransitiveLicensesInfo].licenses
         tls.append(lds)

     ds = depset(transitive = tls)

     # Ignore any legacy licenses that may be in the report
     mappings = {}
     for lic in ds.to_list():
         if type(lic.license_text) == "File":
             mappings[lic.license_text] = lic.package_name
         elif warn:
             # buildifier: disable=print
             print("Legacy license %s not included, rule needs updating" % lic.license_text)

     return mappings
	# Copyright 2022 Google LLC
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# https://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	"""SBOM generation"""

	load(
	"@rules_license//rules:gather_metadata.bzl",
	"gather_metadata_info",
	"gather_metadata_info_and_write",
	"write_metadata_info",
	)
	load(
	"@rules_license//rules/private:gathering_providers.bzl",
	"TransitiveLicensesInfo",
	)

	# This rule is proof of concept, and may not represent the final
	# form of a rule for compliance validation.
	def _generate_sbom_impl(ctx):
	# Gather all licenses and write information to one place

	licenses_file = ctx.actions.declare_file("_%s_licenses_info.json" % ctx.label.name)
	write_metadata_info(ctx, ctx.attr.deps, licenses_file)

	# Now turn the big blob of data into something consumable.
	inputs = [licenses_file]
	outputs = [ctx.outputs.out]
	args = ctx.actions.args()
	args.add("--licenses_info", licenses_file.path)
	args.add("--out", ctx.outputs.out.path)
	ctx.actions.run(
	mnemonic = "CreateSBOM",
	progress_message = "Creating SBOM for %s" % ctx.label,
	inputs = inputs,
	outputs = outputs,
	executable = ctx.executable._sbom_generator,
	arguments = [args],
	)
	outputs.append(licenses_file) # also make the json file available.
	return [DefaultInfo(files = depset(outputs))]

	_generate_sbom = rule(
	implementation = _generate_sbom_impl,
	attrs = {
	"deps": attr.label_list(
	aspects = [gather_metadata_info],
	),
	"out": attr.output(mandatory = True),
	"_sbom_generator": attr.label(
	default = Label("@rules_license//tools:write_sbom"),
	executable = True,
	allow_files = True,
	cfg = "exec",
	),
	},
	)

	def generate_sbom(**kwargs):
	_generate_sbom(**kwargs)

	def _manifest_impl(ctx):
	# Gather all licenses and make it available as deps for downstream rules
	# Additionally write the list of license filenames to a file that can
	# also be used as an input to downstream rules.
	licenses_file = ctx.actions.declare_file(ctx.attr.out.name)
	mappings = get_licenses_mapping(ctx.attr.deps, ctx.attr.warn_on_legacy_licenses)
	ctx.actions.write(
	output = licenses_file,
	content = "\n".join([",".join([f.path, p]) for (f, p) in mappings.items()]),
	)
	return [DefaultInfo(files = depset(mappings.keys()))]

	_manifest = rule(
	implementation = _manifest_impl,
	doc = """Internal tmplementation method for manifest().""",
	attrs = {
	"deps": attr.label_list(
	doc = """List of targets to collect license files for.""",
	aspects = [gather_metadata_info],
	),
	"out": attr.output(
	doc = """Output file.""",
	mandatory = True,
	),
	"warn_on_legacy_licenses": attr.bool(default = False),
	},
	)

	def manifest(name, deps, out = None, **kwargs):
	if not out:
	out = name + ".manifest"

	_manifest(name = name, deps = deps, out = out, **kwargs)

	def get_licenses_mapping(deps, warn = False):
	"""Creates list of entries representing all licenses for the deps.

	Args:

	deps: a list of deps which should have TransitiveLicensesInfo providers.
	This requires that you have run the gather_licenses_info
	aspect over them

	warn: boolean, if true, display output about legacy targets that need
	update

	Returns:
	{File:package_name}
	"""
	tls = []
	for dep in deps:
	lds = dep[TransitiveLicensesInfo].licenses
	tls.append(lds)

	ds = depset(transitive = tls)

	# Ignore any legacy licenses that may be in the report
	mappings = {}
	for lic in ds.to_list():
	if type(lic.license_text) == "File":
	mappings[lic.license_text] = lic.package_name
	elif warn:
	# buildifier: disable=print
	print("Legacy license %s not included, rule needs updating" % lic.license_text)

	return mappings