From 6d44b42400840af6946000d412b28220ab610c9b Mon Sep 17 00:00:00 2001
From: Laura Neto <12862535+lauraneto@users.noreply.github.com>
Date: Mon, 17 Nov 2025 14:54:03 +0100
Subject: [PATCH] Use dependency track devops task (#20854)

* Replace dependency track bom script with devops task

* Introduce new url variable in order to fix new task uri

The initial variable contained the api path (/api) in the URL.
---
 build/templates/dependency-track.yml | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/build/templates/dependency-track.yml b/build/templates/dependency-track.yml
index 74968b4616..051ddb120e 100644
--- a/build/templates/dependency-track.yml
+++ b/build/templates/dependency-track.yml
@@ -13,12 +13,12 @@ jobs:
     - checkout: none
 
     - bash: |
-        project_id=$(curl --no-progress-meter -H "X-Api-Key: $(DT_API_KEY)" "$(DT_API_URL)/v1/project/lookup?name=${{ parameters.projectName }}&version=${{ parameters.umbracoVersion }}" | jq -r '.uuid')
+        project_id=$(curl --no-progress-meter -H "X-Api-Key: $(DT_API_KEY)" "$(DT_API_URI)/api/v1/project/lookup?name=${{ parameters.projectName }}&version=${{ parameters.umbracoVersion }}" | jq -r '.uuid')
         if [ "$project_id" != "null" ] && [ -n "$project_id" ]; then
           echo "Project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' already exists (ID: $project_id)."
         else
           project_id=$(curl --no-progress-meter \
-            -X PUT "$(DT_API_URL)/v1/project" \
+            -X PUT "$(DT_API_URI)/api/v1/project" \
             -H "X-Api-Key: $(DT_API_KEY)" \
             -H "Content-Type: application/json" \
             -d '{"name": "${{ parameters.projectName }}", "version": "${{ parameters.umbracoVersion }}", "collectionLogic": "AGGREGATE_DIRECT_CHILDREN"}' \
@@ -42,15 +42,14 @@ jobs:
         artifact: ${{ project.artifact }}
         displayName: Download ${{ project.artifact }} artifact
 
-      - script: |
-          curl --no-progress-meter --fail-with-body \
-            -X POST "$(DT_API_URL)/v1/bom" \
-            -H "X-Api-Key: $(DT_API_KEY)" \
-            -H "Content-Type: multipart/form-data" \
-            -F "autoCreate=true" \
-            -F "projectName=${{ parameters.projectName }}-${{ project.name }}" \
-            -F "projectVersion=${{ parameters.umbracoVersion }}" \
-            -F "parentName=${{ parameters.projectName }}" \
-            -F "parentVersion=${{ parameters.umbracoVersion }}" \
-            -F "bom=@$(Pipeline.Workspace)/${{ project.artifact }}/${{ project.bomFilePath }}"
+      - task: upload-bom-dtrack@1
+        inputs:
+          dtrackURI: $(DT_API_URI)
+          dtrackAPIKey: $(DT_API_KEY)
+          dtrackProjAutoCreate: true
+          dtrackProjName: '${{ parameters.projectName }}-${{ project.name }}'
+          dtrackProjVersion: ${{ parameters.umbracoVersion }}
+          dtrackParentProjName: ${{ parameters.projectName }}
+          dtrackParentProjVersion: ${{ parameters.umbracoVersion }}
+          bomFilePath: '$(Pipeline.Workspace)/${{ project.artifact }}/${{ project.bomFilePath }}'
         displayName: Upload ${{ project.name }} BOM to Dependency Track