-
-
Notifications
You must be signed in to change notification settings - Fork 157
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Prabhu Subramanian <[email protected]>
- Loading branch information
Showing
11 changed files
with
180 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -113,3 +113,6 @@ test/obj | |
./cdxgen | ||
./cdxgen.exe | ||
./cdxgen.app | ||
.stacker/ | ||
oci/ | ||
roots/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,20 +4,20 @@ LABEL maintainer="cyclonedx" \ | |
org.opencontainers.image.authors="Prabhu Subramanian <[email protected]>" \ | ||
org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \ | ||
org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \ | ||
org.opencontainers.image.version="8.5.0" \ | ||
org.opencontainers.image.version="9.1.0" \ | ||
org.opencontainers.image.vendor="cyclonedx" \ | ||
org.opencontainers.image.licenses="Apache-2.0" \ | ||
org.opencontainers.image.title="cdxgen" \ | ||
org.opencontainers.image.description="Container image for cyclonedx cdxgen SBoM generator" \ | ||
org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw --cpus=2 --memory=4g -t ghcr.io/cyclonedx/cdxgen -r /app --server" | ||
org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen -r /app --server" | ||
|
||
ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561 | ||
ARG SWIFT_PLATFORM=ubi9 | ||
ARG SWIFT_BRANCH=swift-5.8-release | ||
ARG SWIFT_VERSION=swift-5.8-RELEASE | ||
ARG SWIFT_WEBROOT=https://download.swift.org | ||
ARG JAVA_VERSION=22.3.r19-grl | ||
ARG SBT_VERSION=1.9.0 | ||
ARG SBT_VERSION=1.9.1 | ||
ARG MAVEN_VERSION=3.9.2 | ||
ARG GRADLE_VERSION=8.1.1 | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
FROM almalinux:9.2-minimal | ||
|
||
LABEL maintainer="cyclonedx" \ | ||
org.opencontainers.image.authors="Prabhu Subramanian <[email protected]>" \ | ||
org.opencontainers.image.source="https://github.com/cyclonedx/cdxgen" \ | ||
org.opencontainers.image.url="https://github.com/cyclonedx/cdxgen" \ | ||
org.opencontainers.image.version="9.1.0" \ | ||
org.opencontainers.image.vendor="cyclonedx" \ | ||
org.opencontainers.image.licenses="Apache-2.0" \ | ||
org.opencontainers.image.title="cdxgen" \ | ||
org.opencontainers.image.description="Container image for cyclonedx cdxgen SBoM generator" \ | ||
org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-deno -r /app --server" | ||
|
||
ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561 | ||
ARG SWIFT_PLATFORM=ubi9 | ||
ARG SWIFT_BRANCH=swift-5.8-release | ||
ARG SWIFT_VERSION=swift-5.8-RELEASE | ||
ARG SWIFT_WEBROOT=https://download.swift.org | ||
ARG JAVA_VERSION=22.3.r19-grl | ||
ARG SBT_VERSION=1.9.1 | ||
ARG MAVEN_VERSION=3.9.2 | ||
ARG GRADLE_VERSION=8.1.1 | ||
|
||
ENV GOPATH=/opt/app-root/go \ | ||
GO_VERSION=1.20.4 \ | ||
JAVA_VERSION=$JAVA_VERSION \ | ||
SBT_VERSION=$SBT_VERSION \ | ||
MAVEN_VERSION=$MAVEN_VERSION \ | ||
GRADLE_VERSION=$GRADLE_VERSION \ | ||
GRADLE_OPTS="-Dorg.gradle.daemon=false" \ | ||
JAVA_HOME="/opt/java/${JAVA_VERSION}" \ | ||
MAVEN_HOME="/opt/maven/${MAVEN_VERSION}" \ | ||
GRADLE_HOME="/opt/gradle/${GRADLE_VERSION}" \ | ||
SBT_HOME="/opt/sbt/${SBT_VERSION}" \ | ||
PYTHONUNBUFFERED=1 \ | ||
PYTHONIOENCODING="utf-8" \ | ||
COMPOSER_ALLOW_SUPERUSER=1 \ | ||
ANDROID_HOME=/opt/android-sdk-linux \ | ||
GLOBAL_NODE_MODULES_PATH=/root/.cache/deno/npm/registry.npmjs.org \ | ||
CDXGEN_PLUGINS_DIR=/root/.cache/deno/npm/registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin/1.2.0/plugins \ | ||
SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \ | ||
SWIFT_PLATFORM=$SWIFT_PLATFORM \ | ||
SWIFT_BRANCH=$SWIFT_BRANCH \ | ||
SWIFT_VERSION=$SWIFT_VERSION \ | ||
SWIFT_WEBROOT=$SWIFT_WEBROOT | ||
ENV PATH=${PATH}:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:${GRADLE_HOME}/bin:${SBT_HOME}/bin:${GOPATH}/bin:/usr/local/go/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:/root/.deno/bin/: | ||
|
||
RUN set -e; \ | ||
ARCH_NAME="$(rpm --eval '%{_arch}')"; \ | ||
url=; \ | ||
case "${ARCH_NAME##*-}" in \ | ||
'x86_64') \ | ||
OS_ARCH_SUFFIX=''; \ | ||
GOBIN_VERSION='amd64'; \ | ||
;; \ | ||
'aarch64') \ | ||
OS_ARCH_SUFFIX='-aarch64'; \ | ||
GOBIN_VERSION='arm64'; \ | ||
;; \ | ||
*) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ | ||
esac; \ | ||
microdnf module enable php ruby -y \ | ||
&& microdnf install -y php php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make gcc git-core \ | ||
python3.11 python3.11-devel python3.11-pip ruby ruby-devel \ | ||
pcre2 which tar gzip zip unzip sudo ncurses \ | ||
&& alternatives --install /usr/bin/python3 python /usr/bin/python3.11 1 \ | ||
&& python3 --version \ | ||
&& python3 -m pip install --upgrade pip \ | ||
&& curl -fsSL https://deno.land/x/install/install.sh | sh \ | ||
&& deno install --allow-read --allow-env --allow-run --allow-sys=uid --allow-write -n cdxgen "npm:@cyclonedx/cdxgen@^9.0.1" \ | ||
&& curl -s "https://get.sdkman.io" | bash \ | ||
&& source "$HOME/.sdkman/bin/sdkman-init.sh" \ | ||
&& echo -e "sdkman_auto_answer=true\nsdkman_selfupdate_feature=false\nsdkman_auto_env=true" >> $HOME/.sdkman/etc/config \ | ||
&& sdk install java $JAVA_VERSION \ | ||
&& sdk install maven $MAVEN_VERSION \ | ||
&& sdk install gradle $GRADLE_VERSION \ | ||
&& sdk install sbt $SBT_VERSION \ | ||
&& sdk offline enable \ | ||
&& mv /root/.sdkman/candidates/* /opt/ \ | ||
&& rm -rf /root/.sdkman \ | ||
&& SWIFT_WEBDIR="$SWIFT_WEBROOT/$SWIFT_BRANCH/$(echo $SWIFT_PLATFORM | tr -d .)$OS_ARCH_SUFFIX" \ | ||
&& SWIFT_BIN_URL="$SWIFT_WEBDIR/$SWIFT_VERSION/$SWIFT_VERSION-$SWIFT_PLATFORM$OS_ARCH_SUFFIX.tar.gz" \ | ||
&& SWIFT_SIG_URL="$SWIFT_BIN_URL.sig" \ | ||
# - Download the GPG keys, Swift toolchain, and toolchain signature, and verify. | ||
&& export GNUPGHOME="$(mktemp -d)" \ | ||
&& curl -fsSL "$SWIFT_BIN_URL" -o swift.tar.gz "$SWIFT_SIG_URL" -o swift.tar.gz.sig \ | ||
&& gpg --batch --quiet --keyserver keyserver.ubuntu.com --recv-keys "$SWIFT_SIGNING_KEY" \ | ||
&& gpg --batch --verify swift.tar.gz.sig swift.tar.gz \ | ||
&& tar -xzf swift.tar.gz --directory / --strip-components=1 \ | ||
&& chmod -R o+r /usr/lib/swift \ | ||
&& chmod +x /usr/bin/swift \ | ||
&& rm -rf "$GNUPGHOME" swift.tar.gz.sig swift.tar.gz \ | ||
&& swift --version \ | ||
&& microdnf install -y epel-release \ | ||
&& mkdir -p ${ANDROID_HOME}/cmdline-tools \ | ||
&& curl -L https://dl.google.com/android/repository/commandlinetools-linux-9477386_latest.zip -o ${ANDROID_HOME}/cmdline-tools/android_tools.zip \ | ||
&& unzip ${ANDROID_HOME}/cmdline-tools/android_tools.zip -d ${ANDROID_HOME}/cmdline-tools/ \ | ||
&& rm ${ANDROID_HOME}/cmdline-tools/android_tools.zip \ | ||
&& mv ${ANDROID_HOME}/cmdline-tools/cmdline-tools ${ANDROID_HOME}/cmdline-tools/latest \ | ||
&& yes | /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager --licenses --sdk_root=/opt/android-sdk-linux \ | ||
&& /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'platform-tools' --sdk_root=/opt/android-sdk-linux \ | ||
&& /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'platforms;android-33' --sdk_root=/opt/android-sdk-linux \ | ||
&& /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'build-tools;33.0.0' --sdk_root=/opt/android-sdk-linux \ | ||
&& /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'extras;google;m2repository' --sdk_root=/opt/android-sdk-linux \ | ||
&& /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'extras;android;m2repository' --sdk_root=/opt/android-sdk-linux \ | ||
&& /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'extras;google;google_play_services' --sdk_root=/opt/android-sdk-linux \ | ||
&& curl -LO "https://dl.google.com/go/go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz" \ | ||
&& tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \ | ||
&& rm go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \ | ||
&& curl -LO "https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein" \ | ||
&& chmod +x lein \ | ||
&& mv lein /usr/local/bin/ \ | ||
&& /usr/local/bin/lein \ | ||
&& curl -O https://download.clojure.org/install/linux-install-1.11.1.1273.sh \ | ||
&& chmod +x linux-install-1.11.1.1273.sh \ | ||
&& sudo ./linux-install-1.11.1.1273.sh \ | ||
&& useradd -ms /bin/bash cyclonedx \ | ||
&& pecl channel-update pecl.php.net \ | ||
&& pecl install timezonedb \ | ||
&& echo 'extension=timezonedb.so' >> /etc/php.ini \ | ||
&& php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && php composer-setup.php \ | ||
&& mv composer.phar /usr/local/bin/composer \ | ||
&& python3 -m pip install --user pipenv \ | ||
&& chmod a-w -R /opt \ | ||
&& rm -rf /var/cache/yum \ | ||
&& microdnf clean all | ||
|
||
ENTRYPOINT ["cdxgen"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
{ | ||
"name": "@cyclonedx/cdxgen", | ||
"version": "9.0.2", | ||
"version": "9.1.0", | ||
"description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image", | ||
"homepage": "http://github.com/cyclonedx/cdxgen", | ||
"author": "Prabhu Subramanian <[email protected]>", | ||
|
Oops, something went wrong.