Merge pull request #23 from philips-software/add-notices-file-output

Add Notices File (VERSION_LICENSE) file output
philips-software · Nov 22, 2023 · 1831f51 · 1831f51
2 parents 25ea830 + b9c7c95
commit 1831f51
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 8 deletions.
diff --git a/.github/workflows/action-docs.yaml b/.github/workflows/action-docs.yaml
@@ -10,13 +10,13 @@ jobs:
   update:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - uses: npalm/action-docs-action@v1.2.0
+      - uses: npalm/action-docs-action@v1.4.0
 
       - name: Update readme in the repository
         if: github.event_name != 'pull_request'
-        uses: stefanzweifel/git-auto-commit-action@v4.14.1
+        uses: stefanzweifel/git-auto-commit-action@v5.0.0
         with:
           commit_message: "chore(ci): Updating readme"
           file_pattern: README.md
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-from bash:5.1
+FROM bash:5.2
 
 LABEL "name"="blackduck report action"
 LABEL "maintainer"="Jeroen Knoops <[email protected]>"

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Philips Software
+Copyright (c) 2022-2023 Philips Software
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/MAINTAINERS.md b/MAINTAINERS.md
@@ -1,2 +1,3 @@
 - Jeroen Knoops <[email protected]>
 - Brend Smits <[email protected]>
+- [Bart Golsteijn](https://github.com/bartgolsteijn)
diff --git a/action.yml b/action.yml
@@ -18,10 +18,10 @@ inputs:
     description: 'Version in Black Duck'
     required: true
   report-format:
-    description: 'sbomType "SPDX_22" allows reportFormat values of "JSON", "RDF", "TAGVALUE" or "YAML". sbomType "CYCLONEDX_13" or "CYCLONEDX_14" allows reportFormat values of "JSON".'
+    description: 'sbomType "SPDX_22" allows reportFormat values of "JSON", "RDF", "TAGVALUE" or "YAML". sbomType "CYCLONEDX_13" or "CYCLONEDX_14" allows reportFormat values of "JSON". sbomType "VERSION_LICENSE" allows reportFormat value "TEXT".'
     default: "JSON"
   sbom-type:
-    description: 'Type of SBOM report. Allowed values - SPDX_22, CYCLONEDX_13 or CYCLONEDX_14'
+    description: 'Type of SBOM report. Allowed values - SPDX_22, CYCLONEDX_13, CYCLONEDX_14, or VERSION_LICENSE'
     default: "SPDX_22"
 outputs:
   sbom-file:

diff --git a/get-blackduck-report.sh b/get-blackduck-report.sh
@@ -13,7 +13,7 @@ function show_banner {
 
 function show_usage {
     echo
-    echo "Usage: ./get-blackduck-report.sh <blackduck-url> <blackduck-api-token> <project-name> <version-name>"
+    echo "Usage: ./get-blackduck-report.sh [blackduck-url] [blackduck-api-token] [project-name] [version-name] <report-type> <report-format>
 }
 
 function get_bearer {
@@ -66,6 +66,33 @@ function create_sbom_report {
   fi
 }
 
+function get_license_report_endpoint {
+  result=$(curl --silent -G "${project_api_url}/versions" --data-urlencode "q=versionName:${version}" \
+    --header "Authorization: Bearer $bearer_token")
+  if [ "$(echo "$result" | jq -r .totalCount)" -eq 0 ]
+  then
+    >&2 echo "ERROR: Cannot obtain license report endpoint for version: $version"
+    exit 1
+  else
+    echo "$result" | jq -r '.items[0]._meta.links[] | select(.rel=="licenseReports") | .href'
+  fi
+}
+
+function create_version_license_report {  
+  version_report_api=$(get_license_report_endpoint)
+  dataraw="{\"reportFormat\": \"TEXT\", \"reportType\" : \"VERSION_LICENSE\"}"
+  result=$(curl --silent --location --request POST "$version_report_api" \
+    --header "Authorization: Bearer $bearer_token" \
+    --header 'Content-Type: application/json' \
+    --data-raw "$dataraw" )
+  if [ "$result" != "" ]
+  then
+    >&2 echo "ERROR: error in creating license report"
+    >&2 echo "$result"
+    exit 1
+  fi
+}
+
 function get_report_id {
   report_status="IN_PROGRESS"
   max_retries=50
@@ -162,6 +189,9 @@ if [ "$sbom_type" == "CYCLONEDX_13" ] || [ "$sbom_type" == "CYCLONEDX_14" ]
 then
   echo "INFO: sbomType \"CYCLONEDX_13\" or \"CYCLONEDX_14\" allows reportFormat values of \"JSON\"."
   report_format="JSON"
+elif [ "$sbom_type" == "VERSION_LICENSE" ]
+then
+  report_format="TEXT"
 else
   report_format=${6:-"JSON"}
 fi
@@ -185,6 +215,10 @@ echo "+ creating SBOM report"
 if [ "${NO_CREATE}" == true ]
 then
   echo "| We're not creating a new report for the because of the secret environment variable NO_CREATE"
+elif [ "$sbom_type" == "VERSION_LICENSE" ]
+then
+  create_version_license_report
+  echo "| triggered creating VERSION LICENSE report"
 else
   create_sbom_report
   echo "| triggered creating SBOM report"