refactor the crappy sbom generator as an aspect
diff --git a/tools/sbom/BUILD b/tools/sbom/BUILD
index 71a4d5e..ff86ba5 100644
--- a/tools/sbom/BUILD
+++ b/tools/sbom/BUILD
@@ -1,5 +1,19 @@
-# SBOM generator
-load("@rules_python//python:defs.bzl", "py_binary")
+# BUILD file defining @rules_license/tools/sbom
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Sample SBOM generator."""
package(
default_package_metadata = ["//:license"],
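Review bot: The `load("@rules_python//python:defs.bzl", "py_binary")` line is removed at the top of this hunk, but `py_binary(name = "write_sbom_internal", ...)` is still declared further down in the same BUILD file and no replacement load is visible in this diff. That only works while Bazel still supplies a built-in `py_binary`; where the native Python rules are disabled, the package would likely fail to load. Unless the removal is deliberate, keep the line below the license header: `load("@rules_python//python:defs.bzl", "py_binary")`. The `package(` call continues outside the hunk.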
@@ -7,10 +21,19 @@
)
filegroup(
- name = "srcs",
+ name = "standard_package",
srcs = glob(["**"]),
)
+# Do not create a bzl_library(). That would create a dependency loop back
+# to bazel-skylib. We export the .bzl files to the documentation maker.
+exports_files(
+ glob([
+ "*.bzl",
+ ]),
+ visibility = ["//doc_build:__pkg__"],
+)
+
py_binary(
name = "write_sbom_internal",
srcs = ["write_sbom.py"],
diff --git a/tools/sbom/sbom.bzl b/tools/sbom/sbom.bzl
index 48d9eac..ae95c2d 100644
--- a/tools/sbom/sbom.bzl
+++ b/tools/sbom/sbom.bzl
@@ -13,7 +13,13 @@
# limitations under the License.
"""Generate an SBOM for a target."""
-load("//rules_gathering:gather_packages.bzl", "gather_package_info", "packages_used")
+load(
+ "//rules_gathering:gather_packages.bzl",
+ "gather_package_info",
+ "packages_used",
+ "write_packages_info",
+ "TransitivePackageInfo"
+)
def _spdx_common(ctx, target, spdx_output, _gen_spdx_tool):
# Gather all licenses and write information to one place
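Review bot: The rewritten multi-line `load(` has no trailing comma after its last symbol, so the next formatter run or added symbol will touch this line again; write it as `"TransitivePackageInfo",`. Running buildifier over the file would also settle the symbol order. `gather_package_info` and `packages_used` are kept in the list, and whether `packages_used` is still referenced cannot be seen from this hunk, so confirm it is not now an unused load. The body of `_spdx_common` continues outside the hunk.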
@@ -49,11 +55,12 @@
return [
DefaultInfo(files = depset(outputs)),
OutputGroupInfo(
- spdx = depset(outputs),
+ sbom_spdx = depset(outputs),
),
]
def _sbom_impl(ctx):
+ print("TOAST1")
_create_sbom(ctx, ctx.file.packages_used, ctx.outputs.out, ctx.executable._sbom_generator)
_sbom = rule(
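Review bot: `print("TOAST1")` in `_sbom_impl` is a leftover debug statement and should be deleted before merge. The same applies to `print("TOAST")` and `print("WRITE TO", spdx_output.path)` in `_gen_sbom_spdx_impl` in the next hunk. Starlark `print` emits a DEBUG line on every analysis, and in the aspect that means once per visited target, which buries real warnings in build logs. Separately, renaming the output group from `spdx` to `sbom_spdx` changes what `--output_groups=spdx` callers receive; if anything outside this diff consumes the old name, note the rename in the commit description or keep `spdx = depset(outputs),` as an alias for a release.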
@@ -111,33 +118,29 @@
maven_install = maven_install,
)
-def _gen_spdx_impl(target, ctx):
- """
+def _gen_sbom_spdx_impl(target, ctx):
+ print("TOAST")
+ info_aspect_output = ctx.actions.declare_file("%s_info.json" % ctx.label.name)
+ # traverse output from aspect and assemble it for writing...
+ write_packages_info(
+ ctx,
+ top_level_target = target,
+ transitive_package_info = target[TransitivePackageInfo],
+ output = info_aspect_output,
+ )
spdx_output = ctx.actions.declare_file("%s.spdx.json" % ctx.label.name)
-
- name = "%s_info.json" % ctx.label.name
- aspect_output = ctx.actions.declare_file(name)
-
- # ... possibly traverse output from aspect and assemble it for writing...
- info = target[TransitiveLicensesInfo]
-
- # If the result doesn't contain licenses, we simply return the provider
- #if not hasattr(info, "target_under_license"):
- # return [OutputGroupInfo()]
-
- content = "[\n%s\n]\n" % ",\n".join(info_to_json(info))
- """
-
- #return _spdx_common(ctx, target, spdx_output, ctx.executable._gen_spdx)
- return _create_sbom(ctx, ctx.file.packages_used, ctx.output.out, ctx.executable._sbom_generator)
+ print("WRITE TO", spdx_output.path)
+ return _create_sbom(ctx, info_aspect_output, spdx_output, ctx.executable._gen_spdx)
gen_sbom_spdx = aspect(
- implementation = _gen_spdx_impl,
+ doc = """Generates an SPDX sbom for a target.""",
+ implementation = _gen_sbom_spdx_impl,
requires = [gather_package_info],
attrs = {
"_gen_spdx": attr.label(
default = Label("//tools/sbom:write_sbom_internal"),
+ allow_files = True,
executable = True,
cfg = "exec",
),
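Review bot: `target[TransitivePackageInfo]` in `_gen_sbom_spdx_impl` is indexed without checking that the provider is present. Whether `gather_package_info` returns it for every target it visits is not visible here, and the removed commented-out code suggests the empty case was once considered. Make the choice explicit before the `write_packages_info` call, either with an early `if TransitivePackageInfo not in target: return []` or with a `fail()` that names `ctx.label`. For an SBOM the second is the safer default, because a silently skipped target is a gap in the inventory that nobody will notice. The new function also has no docstring, so a one-line `"""Write the gathered package info for target and generate its SPDX SBOM."""` would help. `allow_files = True` on the executable `_gen_spdx` label looks unnecessary and can probably be dropped.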
diff --git a/tools/sbom/write_sbom.py b/tools/sbom/write_sbom.py
index 1982124..3373379 100644
--- a/tools/sbom/write_sbom.py
+++ b/tools/sbom/write_sbom.py
@@ -243,7 +243,7 @@
# Useful for debugging
- maven_packages = None
+ maven_packages = {}
if opts.maven_install:
with open(opts.maven_install, "rt", encoding="utf-8") as inp:
maven_install = json.loads(inp.read())