🔧 (#127): Add new pipeline for sbom generation for frontend

hopps-app · Nov 2, 2024 · a81799e · a81799e
1 parent d2b8abe
commit a81799e
Show file tree

Hide file tree

Showing 6 changed files with 6,755 additions and 2,648 deletions.
diff --git a/.github/workflows/dependency-track-analysis.yml b/.github/workflows/dependency-track-analysis.yml
@@ -34,7 +34,8 @@ jobs:
       - name: mvn makeAggregateBom
         run: mvn org.cyclonedx:cyclonedx-maven-plugin:2.8.0:makeBom --file backend/pom.xml
 
-      - uses: avides/actions-project-version-check@latest
+      - name: Get current project version
+        uses: avides/actions-project-version-check@latest
         id: project_version
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/frontend-dependency-track.yaml b/.github/workflows/frontend-dependency-track.yaml
@@ -0,0 +1,63 @@
+name: Dependency Track for frontend
+
+on:
+  push:
+    paths:
+      - frontend/**
+      - .github/workflows/frontend-dependency-track.yaml
+    branches: [ "**" ]
+    tags:
+      - 'spa-*.*.*'
+  pull_request:
+    paths:
+      - frontend/**
+      - .github/workflows/frontend-dependency-track.yaml
+    branches:
+      - main
+
+jobs:
+  build:
+    if: ${{ !startsWith(github.ref, 'refs/heads/dependabot/maven/backend') }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        baseDirectory: [ "frontend/spa" ]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: '18'
+
+      - name: Install PNPM
+        run: npm install -g pnpm
+
+      - name: Install dependencies
+        run: pnpm install
+        working-directory: ${{ matrix.baseDirectory }}
+
+      - name: Create sBom
+        run: pnpm sbom
+        working-directory: ${{ matrix.baseDirectory }}
+
+      - name: Get current project version
+        uses: avides/actions-project-version-check@latest
+        id: project_version
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          file-to-check: "${{ matrix.baseDirectory }}/package.json"
+
+      # Upload the SBOM to Dependency-Track
+      - name: Upload BOM to Dependency-Track
+        uses: DependencyTrack/[email protected]
+        with:
+          apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+          serverHostname: "dtrack.hopps.cloud"
+          bomFilename: "${{ matrix.baseDirectory }}/bom.json"
+          projectName: "${{ matrix.baseDirectory }}"
+          projectVersion: "${{ steps.project_version.outputs.version }}"
+          autoCreate: true
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
@@ -18,6 +18,11 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        baseDirectory: [ "frontend/spa" ]
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -32,21 +37,21 @@ jobs:
 
       - name: Install dependencies
         run: pnpm install
-        working-directory: frontend/spa
+        working-directory: ${{ matrix.baseDirectory }}
 
       - name: Run tests
         run: pnpm run validate
-        working-directory: frontend/spa
+        working-directory: ${{ matrix.baseDirectory }}
 
       - name: Build project
-        run: pnpm run build && ls -la
-        working-directory: frontend/spa
+        run: pnpm run build
+        working-directory: ${{ matrix.baseDirectory }}
 
       - name: Upload build artifacts
         uses: actions/upload-artifact@v3
         with:
           name: build
-          path: frontend/spa/dist/
+          path: ${{ matrix.baseDirectory }}/dist/
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -71,7 +76,7 @@ jobs:
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
-          context: frontend/spa
-          file: frontend/spa/docker/Dockerfile
+          context: ${{ matrix.baseDirectory }}
+          file: ${{ matrix.baseDirectory }}/docker/Dockerfile
           push: ${{ !startsWith(github.ref, 'refs/heads/dependabot/maven/backend') }}
           tags: ghcr.io/${{ github.repository }}/frontend:${{ env.VERSION }}
diff --git a/frontend/spa/.gitignore b/frontend/spa/.gitignore
@@ -26,3 +26,5 @@ coverage/*
 *.sw?
 /tsconfig.app.tsbuildinfo
 /tsconfig.node.tsbuildinfo
+
+bom.json
diff --git a/frontend/spa/package.json b/frontend/spa/package.json
@@ -1,7 +1,7 @@
 {
   "name": "hopps-spa",
   "private": true,
-  "version": "0.0.1",
+  "version": "0.0.1-alpha",
   "type": "module",
   "scripts": {
     "dev": "vite",
@@ -12,7 +12,8 @@
     "validate": "pnpm run lint && pnpm run test",
     "test": "vitest run",
     "test:dev": "vitest",
-    "test:coverage": "vitest run --coverage"
+    "test:coverage": "vitest run --coverage",
+    "sbom": "cdxgen -o bom.json"
   },
   "dependencies": {
     "@radix-ui/react-icons": "^1.3.0",
@@ -35,6 +36,7 @@
     "vite-plugin-svgr": "^4.2.0"
   },
   "devDependencies": {
+    "@cyclonedx/cdxgen": "^10.11.0",
     "@eslint/js": "^9.11.1",
     "@testing-library/jest-dom": "^6.6.2",
     "@testing-library/react": "^16.0.1",