cyclonedx-gradle-plugin

Publish BOM files to Artifact repository with JAR file, like Maven plugin

Open VinodAnandan opened this issue 1 year ago • 2 comments

We should publish the Bill of Materials (BOM) files to the Artifact repository along with the Java Archive (JAR) file, similar to how it's done with the Maven plugin (e.g. https://repo1.maven.org/maven2/org/cyclonedx/cyclonedx-maven-plugin/2.7.11/).

VinodAnandan avatar Jan 20 '24 00:01 VinodAnandan

Here is a solution until it'll be added inside the plugin. Place this part of code inside your root build.gradle.kts file:

allprojects {
    apply(plugin = "org.cyclonedx.bom")
    tasks.cyclonedxBom {
        setOutputName("bom")
        setOutputFormat("json")
        setIncludeBomSerialNumber(true)
        setIncludeLicenseText(true)
        setComponentVersion("2.0.0")
    }
    afterEvaluate {
        val bomTask = tasks.cyclonedxBom.get()
        // The task's single output is a directory; the BOM is <outputName>.<outputFormat> inside it.
        val bomFile = File(bomTask.outputs.files.singleFile, "${bomTask.outputName.get()}.${bomTask.outputFormat.get()}")
        val mavenPublish = extensions.findByName(PublishingExtension.NAME) as? PublishingExtension
        // Attach the BOM to every Maven publication under the "bom" classifier.
        mavenPublish?.publications?.filterIsInstance<MavenPublication>()?.forEach { it.artifact(bomFile) { classifier = "bom" } }
        // Generate the BOM before any task in the publishing group runs.
        tasks.matching { it.group == PublishingExtension.NAME }.configureEach { dependsOn(bomTask) }
    }
}

Hope it helps.

vguignot-ingenico avatar Mar 07 '24 15:03 vguignot-ingenico

@vguignot-ingenico Thank you for your response and for sharing this solution, I really appreciate it.

VinodAnandan avatar Mar 10 '24 21:03 VinodAnandan
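
A release check for the workaround posted above, as an added example that is not part of the thread or of the plugin: it confirms that a published version directory holds the `-bom.json` artifact next to the JAR and that the BOM is well-formed CycloneDX JSON whose component version matches the release. The function names, the `demo-lib` artifact and the sample BOM are constructed for illustration; it assumes the standard Maven repository layout and read access to the version directory.

```python
import json
import re
import tempfile
from pathlib import Path

# CycloneDX serial numbers are RFC 4122 URNs: urn:uuid:<uuid>
SERIAL_RE = re.compile(
    r"^urn:uuid:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)


def check_published_bom(version_dir, artifact_id, version, classifier="bom"):
    """Return a list of problems; an empty list means the BOM was published intact."""
    base = Path(version_dir) / f"{artifact_id}-{version}"
    jar, bom_file = Path(f"{base}.jar"), Path(f"{base}-{classifier}.json")
    problems = []
    if not jar.is_file():
        problems.append(f"missing JAR {jar.name}")
    if not bom_file.is_file():
        return problems + [f"missing BOM {bom_file.name}"]
    try:
        bom = json.loads(bom_file.read_text(encoding="utf-8"))
    except json.JSONDecodeError:
        return problems + ["BOM is not valid JSON"]
    if not isinstance(bom, dict):
        return problems + ["BOM is not a JSON object"]
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if not SERIAL_RE.match(str(bom.get("serialNumber", ""))):
        problems.append("serialNumber missing or malformed")
    # A hard-coded component version can drift from the version actually published.
    meta = bom.get("metadata")
    comp = meta.get("component") if isinstance(meta, dict) else None
    comp_version = comp.get("version") if isinstance(comp, dict) else None
    if comp_version != version:
        problems.append(f"component version {comp_version!r} != published {version!r}")
    return problems


def write_sample_release(version_dir, artifact_id, version, bom):
    """Constructed sample data: an empty placeholder JAR plus the given BOM (if any)."""
    d = Path(version_dir)
    (d / f"{artifact_id}-{version}.jar").write_bytes(b"")
    if bom is not None:
        (d / f"{artifact_id}-{version}-bom.json").write_text(json.dumps(bom), encoding="utf-8")


if __name__ == "__main__":
    sample = {"bomFormat": "CycloneDX", "specVersion": "1.5",
              "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
              "metadata": {"component": {"name": "demo-lib", "version": "2.0.0"}}}
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_release(tmp, "demo-lib", "2.0.0", sample)
        print(check_published_bom(tmp, "demo-lib", "2.0.0") or "BOM published correctly")
```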