Skip to content

[release/8.0] produce SBOM after signing artifacts #113504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 14, 2025
Merged

[release/8.0] produce SBOM after signing artifacts #113504

merged 1 commit into from
Mar 14, 2025

Conversation

haruna99
Copy link

Fixes Issue dotnet/arcade#15562

Description

This PR solves the SBOM generation issue in the runtime repo

@haruna99 haruna99 added Servicing-approved Approved for servicing release area-Meta labels Mar 14, 2025
@haruna99 haruna99 requested a review from hoyosjs March 14, 2025 00:03
@haruna99 haruna99 self-assigned this Mar 14, 2025
@Copilot Copilot AI review requested due to automatic review settings March 14, 2025 00:03
Copilot
Copilot AI reviewed Mar 14, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses the SBOM generation issue by updating the runtime release/8.0 branch to generate SBOMs after artifact signing.

  • Disabled SBOM generation at the job template level
  • Introduced an explicit SBOM generation step using a dedicated template

eng/pipelines/official/jobs/prepare-signed-artifacts.yml
@@ -64,6 +66,10 @@ jobs:
/bl:$(Build.SourcesDirectory)\prepare-artifacts.binlog
displayName: Prepare artifacts and upload to build

- template: /eng/common/templates-official/steps/generate-sbom.yml
Copy link
Preview

Copilot AI Mar 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding a displayName property to this SBOM generation step for improved clarity in pipeline logs.

Copilot uses AI. Check for mistakes.

@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-meta
See info in area-owners.md if you want to be subscribed.

@hoyosjs hoyosjs changed the title update runtime release/8.0 branch to produce SBOM after signing artifacts [release/8.0] produce SBOM after signing artifacts Mar 14, 2025
@build-analysis build-analysis bot mentioned this pull request Mar 14, 2025
Open
@carlossanlop
Copy link
Contributor

/ba-g the BadExit failures are known, writing not permitted. Based on @hoyosjs sign off, I'll merge.

@carlossanlop carlossanlop merged commit 160b2be into dotnet:release/8.0 Mar 14, 2025
177 of 183 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Apr 13, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

Copilot code review Copilot Copilot left review comments

@hoyosjs hoyosjs hoyosjs approved these changes

Assignees

@haruna99 haruna99

Labels
area-Meta Servicing-approved Approved for servicing release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@haruna99 @carlossanlop @hoyosjs
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy