build/templates/dependency-track.yml

parameters:
  - name: projectName
    type: string
  - name: umbracoVersion
    type: string
  - name: projects
    type: object

jobs:
- job: Create_DT_Project
  displayName: Create Dependency Track Project
  steps:
    - checkout: none

    - bash: |
        project_id=$(curl --no-progress-meter -H "X-Api-Key: $(DT_API_KEY)" "$(DT_API_URI)/api/v1/project/lookup?name=${{ parameters.projectName }}&version=${{ parameters.umbracoVersion }}" | jq -r '.uuid')
        if [ "$project_id" != "null" ] && [ -n "$project_id" ]; then
          echo "Project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' already exists (ID: $project_id)."
        else
          project_id=$(curl --no-progress-meter \
            -X PUT "$(DT_API_URI)/api/v1/project" \
            -H "X-Api-Key: $(DT_API_KEY)" \
            -H "Content-Type: application/json" \
            -d '{"name": "${{ parameters.projectName }}", "version": "${{ parameters.umbracoVersion }}", "collectionLogic": "AGGREGATE_DIRECT_CHILDREN"}' \
            | jq -r '.uuid')
          if [ -z "$project_id" ] || [ "$project_id" == "null" ]; then
            echo "Failed to create project '${{ parameters.projectName }}' version '${{ parameters.umbracoVersion }}'."
            exit 1
          fi
          echo "Created project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' (ID: $project_id)."
        fi
      displayName: Ensure main project exists in Dependency Track

- ${{ each project in parameters.projects }}:
  - job:
    displayName: Upload ${{ project.name }} BOM
    dependsOn: Create_DT_Project
    steps:
      - checkout: none

      - download: current
        artifact: ${{ project.artifact }}
        displayName: Download ${{ project.artifact }} artifact

      - task: upload-bom-dtrack@1
        inputs:
          dtrackURI: $(DT_API_URI)
          dtrackAPIKey: $(DT_API_KEY)
          dtrackProjAutoCreate: true
          dtrackProjName: '${{ parameters.projectName }}-${{ project.name }}'
          dtrackProjVersion: ${{ parameters.umbracoVersion }}
          dtrackParentProjName: ${{ parameters.projectName }}
          dtrackParentProjVersion: ${{ parameters.umbracoVersion }}
          bomFilePath: '$(Pipeline.Workspace)/${{ project.artifact }}/${{ project.bomFilePath }}'
        displayName: Upload ${{ project.name }} BOM to Dependency Track
Task: Dependency track (#20670) * Generate BOM files on build * Upload BOM to Dependency Track * Move Backoffice BOM generation to right after install The build and/or pack steps are deleting files that are needed for the BOM to be generated properly. * Split the BOM uploads into different jobs * Fix wrong usage of parameters * Move order of dependency track stage * Fix wrong umbracoVersion value * Small fixes * Log curl response headers * Correct version sent to dependency track * Adjusted curl flags * Fix bom file path * Fix dotnet bom file name * Add Login UI to dependency track * Generate BOM for E2E Tests * Move dependency track stage * Move acceptance test .env generation to e2e install template Needed as the post install script is expecting this to exist. * Use major version if public release * Missing ')' * Reverted npm install command changes in static assets project 2025-10-31 10:53:57 +01:00			`parameters:`
			`- name: projectName`
			`type: string`
			`- name: umbracoVersion`
			`type: string`
			`- name: projects`
			`type: object`

			`jobs:`
			`- job: Create_DT_Project`
			`displayName: Create Dependency Track Project`
			`steps:`
			`- checkout: none`

			`- bash: \|`
Use dependency track devops task (#20854) * Replace dependency track bom script with devops task * Introduce new url variable in order to fix new task uri The initial variable contained the api path (/api) in the URL. 2025-11-17 14:54:03 +01:00			`project_id=$(curl --no-progress-meter -H "X-Api-Key: $(DT_API_KEY)" "$(DT_API_URI)/api/v1/project/lookup?name=${{ parameters.projectName }}&version=${{ parameters.umbracoVersion }}" \| jq -r '.uuid')`
Task: Dependency track (#20670) * Generate BOM files on build * Upload BOM to Dependency Track * Move Backoffice BOM generation to right after install The build and/or pack steps are deleting files that are needed for the BOM to be generated properly. * Split the BOM uploads into different jobs * Fix wrong usage of parameters * Move order of dependency track stage * Fix wrong umbracoVersion value * Small fixes * Log curl response headers * Correct version sent to dependency track * Adjusted curl flags * Fix bom file path * Fix dotnet bom file name * Add Login UI to dependency track * Generate BOM for E2E Tests * Move dependency track stage * Move acceptance test .env generation to e2e install template Needed as the post install script is expecting this to exist. * Use major version if public release * Missing ')' * Reverted npm install command changes in static assets project 2025-10-31 10:53:57 +01:00			`if [ "$project_id" != "null" ] && [ -n "$project_id" ]; then`
			`echo "Project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' already exists (ID: $project_id)."`
			`else`
			`project_id=$(curl --no-progress-meter \`
Use dependency track devops task (#20854) * Replace dependency track bom script with devops task * Introduce new url variable in order to fix new task uri The initial variable contained the api path (/api) in the URL. 2025-11-17 14:54:03 +01:00			`-X PUT "$(DT_API_URI)/api/v1/project" \`
Task: Dependency track (#20670) * Generate BOM files on build * Upload BOM to Dependency Track * Move Backoffice BOM generation to right after install The build and/or pack steps are deleting files that are needed for the BOM to be generated properly. * Split the BOM uploads into different jobs * Fix wrong usage of parameters * Move order of dependency track stage * Fix wrong umbracoVersion value * Small fixes * Log curl response headers * Correct version sent to dependency track * Adjusted curl flags * Fix bom file path * Fix dotnet bom file name * Add Login UI to dependency track * Generate BOM for E2E Tests * Move dependency track stage * Move acceptance test .env generation to e2e install template Needed as the post install script is expecting this to exist. * Use major version if public release * Missing ')' * Reverted npm install command changes in static assets project 2025-10-31 10:53:57 +01:00			`-H "X-Api-Key: $(DT_API_KEY)" \`
			`-H "Content-Type: application/json" \`
			`-d '{"name": "${{ parameters.projectName }}", "version": "${{ parameters.umbracoVersion }}", "collectionLogic": "AGGREGATE_DIRECT_CHILDREN"}' \`
			`\| jq -r '.uuid')`
			`if [ -z "$project_id" ] \|\| [ "$project_id" == "null" ]; then`
			`echo "Failed to create project '${{ parameters.projectName }}' version '${{ parameters.umbracoVersion }}'."`
			`exit 1`
			`fi`
			`echo "Created project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' (ID: $project_id)."`
			`fi`
			`displayName: Ensure main project exists in Dependency Track`

			`- ${{ each project in parameters.projects }}:`
			`- job:`
			`displayName: Upload ${{ project.name }} BOM`
			`dependsOn: Create_DT_Project`
			`steps:`
			`- checkout: none`

			`- download: current`
			`artifact: ${{ project.artifact }}`
			`displayName: Download ${{ project.artifact }} artifact`

Use dependency track devops task (#20854) * Replace dependency track bom script with devops task * Introduce new url variable in order to fix new task uri The initial variable contained the api path (/api) in the URL. 2025-11-17 14:54:03 +01:00			`- task: upload-bom-dtrack@1`
			`inputs:`
			`dtrackURI: $(DT_API_URI)`
			`dtrackAPIKey: $(DT_API_KEY)`
			`dtrackProjAutoCreate: true`
			`dtrackProjName: '${{ parameters.projectName }}-${{ project.name }}'`
			`dtrackProjVersion: ${{ parameters.umbracoVersion }}`
			`dtrackParentProjName: ${{ parameters.projectName }}`
			`dtrackParentProjVersion: ${{ parameters.umbracoVersion }}`
			`bomFilePath: '$(Pipeline.Workspace)/${{ project.artifact }}/${{ project.bomFilePath }}'`
Task: Dependency track (#20670) * Generate BOM files on build * Upload BOM to Dependency Track * Move Backoffice BOM generation to right after install The build and/or pack steps are deleting files that are needed for the BOM to be generated properly. * Split the BOM uploads into different jobs * Fix wrong usage of parameters * Move order of dependency track stage * Fix wrong umbracoVersion value * Small fixes * Log curl response headers * Correct version sent to dependency track * Adjusted curl flags * Fix bom file path * Fix dotnet bom file name * Add Login UI to dependency track * Generate BOM for E2E Tests * Move dependency track stage * Move acceptance test .env generation to e2e install template Needed as the post install script is expecting this to exist. * Use major version if public release * Missing ')' * Reverted npm install command changes in static assets project 2025-10-31 10:53:57 +01:00			`displayName: Upload ${{ project.name }} BOM to Dependency Track`