Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SBOM pushing in ML merge workflow and remove field from SBOM #255

Merged
merged 2 commits into from
May 9, 2024
Merged

Fix SBOM pushing in ML merge workflow and remove field from SBOM #255

merged 2 commits into from
May 9, 2024

Conversation

querti
Copy link
Collaborator

@querti querti commented May 7, 2024
edited
Loading

This commit fixes two issues.

Firstly, ML merging workflow can cause the SBOM pushing to raise an error in some cases. It happens when an old arch that doesn't have an SBOM is merged with new archs. Pubtools-quay attempts to find all arch SBOMs so that it can re-publish them for the ML digest. However, it cannot find an SBOM of the old arch, raising an error. The bug can be fixed by removing the error and tolerating that the ML SBOM will not contain SBOMs of every image arch.

Secondly, each generated SBOM contains the "incompleteness_reasons" field, which is not a part of the CycloneDX spec and exists for internal use only. Remove this field from the SBOMs before publishing them to the final repos.

Refers to:
CLOUDDST-22748
CLOUDDST-22739

@querti
Fix SBOM pushing in ML merge workflow and remove field from SBOM
d3e2508 
This commit fixes two issues.

Firstly, ML merging workflow can cause the SBOM pushing to raise an
error in some cases. It happens when an old arch that doesn't have an
SBOM is merged with new archs. Pubtools-quay attempts to find all arch
SBOMs so that it can re-publish them for the ML digest. However, it
cannot find an SBOM of the old arch, raising an error. The bug can be
fixed by removing the error and tolerating that the ML SBOM will not
contain SBOMs of every image arch.

Secondly, each generated SBOM contains the "incompleteness_reasons"
field, which is not a part of the CycloneDX spec and exists for
internal use only. Remove this field from the SBOMs before publishing them
to the final repos.
@querti querti marked this pull request as ready for review May 7, 2024 09:52
@querti querti requested a review from midnightercz as a code owner May 7, 2024 09:52
@querti querti requested review from zxiong and emilyzheng May 7, 2024 09:52
@querti querti merged commit 9d24863 into release-engineering:master May 9, 2024
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@emilyzheng emilyzheng emilyzheng approved these changes

@midnightercz midnightercz midnightercz approved these changes

@zxiong zxiong Awaiting requested review from zxiong

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@querti @midnightercz @emilyzheng