@@ -697,40 +697,89 @@ functions:
697
697
content_type : text/html
698
698
display_name : Scan Build Report
699
699
700
- " check augmented sbom " :
700
+ check augmented sbom :
701
+ - command : ec2.assume_role
702
+ type : setup
703
+ params :
704
+ role_arn : ${KONDUKTO_ROLE_ARN}
705
+ - command : subprocess.exec
706
+ type : setup
707
+ params :
708
+ binary : bash
709
+ include_expansions_in_env :
710
+ - AWS_ACCESS_KEY_ID
711
+ - AWS_SECRET_ACCESS_KEY
712
+ - AWS_SESSION_TOKEN
713
+ args :
714
+ - -c
715
+ - |
716
+ set -o errexit
717
+ set -o pipefail
718
+ kondukto_token="$(aws secretsmanager get-secret-value --secret-id "kondukto-token" --region "us-east-1" --query 'SecretString' --output text)"
719
+ printf "KONDUKTO_TOKEN: %s\n" "$kondukto_token" >|expansions.kondukto.yml
720
+ - command : expansions.update
721
+ type : setup
722
+ params :
723
+ file : expansions.kondukto.yml
701
724
- command : subprocess.exec
702
725
type : test
703
726
params :
704
- working_dir : " mongo-cxx-driver"
705
727
binary : bash
728
+ working_dir : mongo-cxx-driver
706
729
include_expansions_in_env :
707
- - ARTIFACTORY_USER
708
730
- ARTIFACTORY_PASSWORD
709
- - SILK_CLIENT_ID
710
- - SILK_CLIENT_SECRET
711
- args : [-c, .evergreen/check-augmented-sbom.sh]
731
+ - ARTIFACTORY_USER
732
+ - branch_name
733
+ - KONDUKTO_TOKEN
734
+ args :
735
+ - -c
736
+ - .evergreen/sbom.sh
712
737
713
- " upload augmented sbom " :
738
+ upload augmented sbom :
714
739
- command : s3.put
740
+ type : system
715
741
params :
742
+ display_name : Augmented SBOM (Old)
716
743
aws_key : ${aws_key}
717
744
aws_secret : ${aws_secret}
718
- remote_file : mongo-cxx-driver/${build_variant}/${revision}/${version_id}/${build_id}/silk/augmented.sbom.json
719
745
bucket : mciuploads
720
- permissions : public-read
721
- local_file : mongo-cxx-driver/etc/augmented.sbom.json.new
722
746
content_type : application/json
723
- display_name : Augmented SBOM
747
+ local_file : mongo-cxx-driver/old.json
748
+ permissions : public-read
749
+ remote_file : mongo-cxx-driver/${build_variant}/${revision}/${version_id}/${build_id}/sbom/old.json
724
750
- command : s3.put
751
+ type : system
725
752
params :
753
+ display_name : Augmented SBOM (New)
726
754
aws_key : ${aws_key}
727
755
aws_secret : ${aws_secret}
728
- remote_file : mongo-cxx-driver/${build_variant}/${revision}/${version_id}/${build_id}/silk/augmented.sbom.json.diff
729
756
bucket : mciuploads
757
+ content_type : application/json
758
+ local_file : mongo-cxx-driver/new.json
730
759
permissions : public-read
760
+ remote_file : mongo-cxx-driver/${build_variant}/${revision}/${version_id}/${build_id}/sbom/new.json
761
+ - command : s3.put
762
+ type : system
763
+ params :
764
+ display_name : Augmented SBOM (Diff)
765
+ aws_key : ${aws_key}
766
+ aws_secret : ${aws_secret}
767
+ bucket : mciuploads
768
+ content_type : application/json
731
769
local_file : mongo-cxx-driver/diff.txt
770
+ permissions : public-read
771
+ remote_file : mongo-cxx-driver/${build_variant}/${revision}/${version_id}/${build_id}/sbom/diff.txt
772
+ - command : s3.put
773
+ type : system
774
+ params :
775
+ display_name : Augmented SBOM (Updated)
776
+ aws_key : ${aws_key}
777
+ aws_secret : ${aws_secret}
778
+ bucket : mciuploads
732
779
content_type : application/json
733
- display_name : Augmented SBOM (Diff)
780
+ local_file : mongo-cxx-driver/etc/augmented.sbom.json.new
781
+ permissions : public-read
782
+ remote_file : mongo-cxx-driver/${build_variant}/${revision}/${version_id}/${build_id}/sbom/augmented.sbom.json
734
783
735
784
# ######################################
736
785
# Post Task #
@@ -1262,13 +1311,13 @@ tasks:
1262
1311
BSONCXX_POLYFILL : std
1263
1312
- func : " upload scan artifacts"
1264
1313
1265
- - name : silk-check-augmented- sbom
1266
- run_on : rhel8-latest -small
1267
- tags : [silk ]
1314
+ - name : sbom
1315
+ run_on : rhel80 -small
1316
+ tags : [sbom, rhel80 ]
1268
1317
commands :
1269
- - func : " setup"
1270
- - func : " check augmented sbom"
1271
- - func : " upload augmented sbom"
1318
+ - func : setup
1319
+ - func : check augmented sbom
1320
+ - func : upload augmented sbom
1272
1321
1273
1322
task_groups :
1274
1323
- name : tg-abi-stability
@@ -2189,10 +2238,10 @@ buildvariants:
2189
2238
tasks :
2190
2239
- name : .scan-build-matrix
2191
2240
2192
- - name : silk
2193
- display_name : silk
2241
+ - name : sbom
2242
+ display_name : SBOM
2194
2243
tasks :
2195
- - name : .silk
2244
+ - name : .sbom
2196
2245
2197
2246
- name : rhel79-compile
2198
2247
display_name : " RHEL 7.9 (gcc 4.8.5)"
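Review bot: In the `check augmented sbom` function (first hunk), the Kondukto token is written in clear text to `expansions.kondukto.yml` in the task directory and never removed, and the `expansions.update` step that loads it does not request redaction. I would add `redact_file_expansions: true` under that step's `params` so the value is masked in task logs, put `umask 077` before the `printf` line, and delete the file once the expansion is loaded; whether a post-task cleanup already removes it is not visible in these hunks. The token is also interpolated unquoted into YAML, so a value containing `: ` or ` #` would parse differently from what Secrets Manager returned; writing it as a quoted scalar avoids that. Separately, the new `Augmented SBOM (Diff)` upload declares `content_type: application/json` for `diff.txt`, where `text/plain` looks intended.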