Task: Dependency track (#20670)

* Generate BOM files on build * Upload BOM to Dependency Track * Move Backoffice BOM generation to right after install The build and/or pack steps are deleting files that are needed for the BOM to be generated properly. * Split the BOM uploads into different jobs * Fix wrong usage of parameters * Move order of dependency track stage * Fix wrong umbracoVersion value * Small fixes * Log curl response headers * Correct version sent to dependency track * Adjusted curl flags * Fix bom file path * Fix dotnet bom file name * Add Login UI to dependency track * Generate BOM for E2E Tests * Move dependency track stage * Move acceptance test .env generation to e2e install template Needed as the post install script is expecting this to exist. * Use major version if public release * Missing ')' * Reverted npm install command changes in static assets project
2025-10-31 10:53:57 +01:00
parent 66409b9ebd
commit 973a9573cc
4 changed files with 193 additions and 27 deletions
--- a/build/azure-pipelines.yml
+++ b/build/azure-pipelines.yml
@@ -34,6 +34,10 @@ parameters:
    displayName: Upload API docs
    type: boolean
    default: false
+  - name: uploadDependencyTrack
+    displayName: Upload BOMs to Dependency Track
+    type: boolean
+    default: false
  - name: forceReleaseTestFilter
    displayName: Force to use the release test filters
    type: boolean
@@ -103,6 +107,15 @@ stages:
              command: build
              projects: $(solution)
              arguments: "--configuration $(buildConfiguration) --no-restore --property:ContinuousIntegrationBuild=true --property:GeneratePackageOnBuild=true --property:PackageOutputPath=$(Build.ArtifactStagingDirectory)/nupkg"
+          - powershell: |
+              dotnet tool install --global CycloneDX
+              dotnet-CycloneDX $(solution) --output $(Build.ArtifactStagingDirectory)/bom --filename bom-dotnet.xml
+            displayName: 'Generate Backend BOM'
+          - powershell: |
+              npm install --global @cyclonedx/cyclonedx-npm
+              cyclonedx-npm -o $(Build.ArtifactStagingDirectory)\bom\bom-login.xml --ignore-npm-errors --verbose
+            displayName: Generate Login UI BOM
+            workingDirectory: src/Umbraco.Web.UI.Login
          - task: PublishPipelineArtifact@1
            displayName: Publish nupkg
            inputs:
@@ -113,6 +126,11 @@ stages:
            inputs:
              targetPath: $(Build.SourcesDirectory)
              artifactName: build_output
+          - task: PublishPipelineArtifact@1
+            displayName: Publish Backend BOM
+            inputs:
+              targetPath: $(Build.ArtifactStagingDirectory)/bom
+              artifactName: bom-backend

      - job: B
        displayName: Build Bellissima Package
@@ -124,6 +142,11 @@ stages:
            lfs: false,
            fetchDepth: 500
          - template: templates/backoffice-install.yml
+          - powershell: |
+              npm install --global @cyclonedx/cyclonedx-npm
+              cyclonedx-npm -o $(Build.ArtifactStagingDirectory)/bom/bom-backoffice.xml --ignore-npm-errors --verbose
+            displayName: Generate Backoffice UI BOM
+            workingDirectory: src/Umbraco.Web.UI.Client
          - script: npm run build:for:npm
            displayName: Run build:for:npm
            workingDirectory: src/Umbraco.Web.UI.Client
@@ -140,6 +163,35 @@ stages:
            inputs:
              targetPath: $(Build.ArtifactStagingDirectory)/npm
              artifactName: npm
+          - publish: $(Build.ArtifactStagingDirectory)/bom
+            artifact: bom-frontend
+            displayName: 'Publish Frontend BOM'
+
+  - stage: E2E_BOM
+    displayName: E2E Tests BOM Generation
+    dependsOn: []
+    jobs:
+    - job:
+      displayName: E2E Generate BOM
+      pool:
+        vmImage: "ubuntu-latest"
+      steps:
+        - checkout: self
+          submodules: false
+          lfs: false,
+          fetchDepth: 500
+        - template: templates/e2e-install.yml
+          parameters:
+            nodeVersion: ${{ variables.nodeVersion }}
+            npm_config_cache: ${{ variables.npm_config_cache }}
+        - powershell: |
+            npm install --global @cyclonedx/cyclonedx-npm
+            cyclonedx-npm -o $(Build.ArtifactStagingDirectory)/bom/bom-e2e.xml --ignore-npm-errors --verbose
+          displayName: Generate E2E Tests BOM
+          workingDirectory: tests/Umbraco.Tests.AcceptanceTest
+        - publish: $(Build.ArtifactStagingDirectory)/bom
+          artifact: bom-e2e
+          displayName: 'Publish E2E BOM'

  - stage: Build_Docs
    condition: and(succeeded(), or(eq(dependencies.Build.outputs['A.build.NBGV_PublicRelease'], 'True'), ${{parameters.buildApiDocs}}))
@@ -668,6 +720,34 @@ stages:
              ASPNETCORE_URLS: ${{ variables.ASPNETCORE_URLS }}
              DatabaseType: ${{ variables.DatabaseType }}

+  - stage: Dependency_Track
+    displayName: Dependency Track
+    dependsOn:
+      - Build
+      - E2E_BOM
+    condition: and(succeeded(), or(eq(dependencies.Build.outputs['A.build.NBGV_PublicRelease'], 'True'), ${{parameters.uploadDependencyTrack}}))
+    variables:
+      # Determine Umbraco version based on whether it's a public release or not. If public release, use major version, else use full NuGet package version.
+      umbracoVersion: $[ iif(eq(stageDependencies.Build.A.outputs['build.NBGV_PublicRelease'], 'True'), stageDependencies.Build.A.outputs['build.NBGV_VersionMajor'], stageDependencies.Build.A.outputs['build.NBGV_NuGetPackageVersion']) ]
+    jobs:
+      - template: templates/dependency-track.yml
+        parameters:
+          projectName: "Umbraco-CMS"
+          umbracoVersion: $(umbracoVersion)
+          projects:
+            - name: "Backend"
+              artifact: "bom-backend"
+              bomFilePath: "bom-dotnet.xml"
+            - name: "Login"
+              artifact: "bom-backend"
+              bomFilePath: "bom-login.xml"
+            - name: "Backoffice"
+              artifact: "bom-frontend"
+              bomFilePath: "bom-backoffice.xml"
+            - name: "E2E"
+              artifact: "bom-e2e"
+              bomFilePath: "bom-e2e.xml"
+
  ###############################################
  ## Release
  ###############################################
@@ -874,3 +954,4 @@ stages:
              ContainerName: "$web"
              BlobPrefix: v$(umbracoMajorVersion)/ui-api
              CleanTargetBeforeCopy: true
+
--- a/build/nightly-E2E-setup-template.yml
+++ b/build/nightly-E2E-setup-template.yml
@@ -26,38 +26,18 @@ steps:
      artifact: nupkg
      path: $(Agent.BuildDirectory)/app/nupkg

-  - task: NodeTool@0
-    displayName: Use Node.js $(nodeVersion)
-    inputs:
-      versionSpec: $(nodeVersion)
-
  - task: UseDotNet@2
    displayName: Use .NET SDK from global.json
    inputs:
      useGlobalJson: true

-  - pwsh: |
-      "UMBRACO_USER_LOGIN=${{ parameters.PlaywrightUserEmail }}
-      UMBRACO_USER_PASSWORD=${{ parameters.PlaywrightPassword }}
-      URL=${{ parameters.ASPNETCORE_URLS }}
-      STORAGE_STAGE_PATH=$(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/playwright/.auth/user.json
-      CONSOLE_ERRORS_PATH=$(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/console-errors.json" | Out-File .env
-    displayName: Generate .env
-    workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
-
-  # Cache and restore NPM packages
-  - task: Cache@2
-    displayName: Cache NPM packages
-    inputs:
-      key: 'npm_e2e | "$(Agent.OS)" | $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/package-lock.json'
-      restoreKeys: |
-        npm_e2e | "$(Agent.OS)"
-        npm_e2e
-      path: ${{ parameters.npm_config_cache }}
-
-  - script: npm ci --no-fund --no-audit --prefer-offline
-    workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
-    displayName: Restore NPM packages
+  - template: templates/e2e-install.yml
+    parameters:
+      nodeVersion: ${{ parameters.nodeVersion }}
+      npm_config_cache: ${{ parameters.npm_config_cache }}
+      PlaywrightUserEmail: ${{ parameters.PlaywrightUserEmail }}
+      PlaywrightPassword: ${{ parameters.PlaywrightPassword }}
+      ASPNETCORE_URLS: ${{ parameters.ASPNETCORE_URLS }}

  # Install Template
  - pwsh: |
--- a/build/templates/dependency-track.yml
+++ b/build/templates/dependency-track.yml
@@ -0,0 +1,56 @@
+parameters:
+  - name: projectName
+    type: string
+  - name: umbracoVersion
+    type: string
+  - name: projects
+    type: object
+
+jobs:
+- job: Create_DT_Project
+  displayName: Create Dependency Track Project
+  steps:
+    - checkout: none
+
+    - bash: |
+        project_id=$(curl --no-progress-meter -H "X-Api-Key: $(DT_API_KEY)" "$(DT_API_URL)/v1/project/lookup?name=${{ parameters.projectName }}&version=${{ parameters.umbracoVersion }}" | jq -r '.uuid')
+        if [ "$project_id" != "null" ] && [ -n "$project_id" ]; then
+          echo "Project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' already exists (ID: $project_id)."
+        else
+          project_id=$(curl --no-progress-meter \
+            -X PUT "$(DT_API_URL)/v1/project" \
+            -H "X-Api-Key: $(DT_API_KEY)" \
+            -H "Content-Type: application/json" \
+            -d '{"name": "${{ parameters.projectName }}", "version": "${{ parameters.umbracoVersion }}", "collectionLogic": "AGGREGATE_DIRECT_CHILDREN"}' \
+            | jq -r '.uuid')
+          if [ -z "$project_id" ] || [ "$project_id" == "null" ]; then
+            echo "Failed to create project '${{ parameters.projectName }}' version '${{ parameters.umbracoVersion }}'."
+            exit 1
+          fi
+          echo "Created project '${{ parameters.projectName }}' with version '${{ parameters.umbracoVersion }}' (ID: $project_id)."
+        fi
+      displayName: Ensure main project exists in Dependency Track
+
+- ${{ each project in parameters.projects }}:
+  - job:
+    displayName: Upload ${{ project.name }} BOM
+    dependsOn: Create_DT_Project
+    steps:
+      - checkout: none
+
+      - download: current
+        artifact: ${{ project.artifact }}
+        displayName: Download ${{ project.artifact }} artifact
+
+      - script: |
+          curl --no-progress-meter --fail-with-body \
+            -X POST "$(DT_API_URL)/v1/bom" \
+            -H "X-Api-Key: $(DT_API_KEY)" \
+            -H "Content-Type: multipart/form-data" \
+            -F "autoCreate=true" \
+            -F "projectName=${{ parameters.projectName }}-${{ project.name }}" \
+            -F "projectVersion=${{ parameters.umbracoVersion }}" \
+            -F "parentName=${{ parameters.projectName }}" \
+            -F "parentVersion=${{ parameters.umbracoVersion }}" \
+            -F "bom=@$(Pipeline.Workspace)/${{ project.artifact }}/${{ project.bomFilePath }}"
+        displayName: Upload ${{ project.name }} BOM to Dependency Track
--- a/build/templates/e2e-install.yml
+++ b/build/templates/e2e-install.yml
@@ -0,0 +1,49 @@
+parameters:
+  - name: nodeVersion
+    type: string
+    default: ''
+
+  - name: npm_config_cache
+    type: string
+    default: ''
+
+  - name: PlaywrightUserEmail
+    type: string
+    default: ''
+
+  - name: PlaywrightPassword
+    type: string
+    default: ''
+
+  - name: ASPNETCORE_URLS
+    type: string
+    default: ''
+
+steps:
+  - task: NodeTool@0
+    displayName: Use Node.js $(nodeVersion)
+    inputs:
+      versionSpec: $(nodeVersion)
+
+  - pwsh: |
+      "UMBRACO_USER_LOGIN=${{ parameters.PlaywrightUserEmail }}
+      UMBRACO_USER_PASSWORD=${{ parameters.PlaywrightPassword }}
+      URL=${{ parameters.ASPNETCORE_URLS }}
+      STORAGE_STAGE_PATH=$(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/playwright/.auth/user.json
+      CONSOLE_ERRORS_PATH=$(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/console-errors.json" | Out-File .env
+    displayName: Generate .env
+    workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
+
+  # Cache and restore NPM packages
+  - task: Cache@2
+    displayName: Cache NPM packages
+    inputs:
+      key: 'npm_e2e | "$(Agent.OS)" | $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest/package-lock.json'
+      restoreKeys: |
+        npm_e2e | "$(Agent.OS)"
+        npm_e2e
+      path: ${{ parameters.npm_config_cache }}
+
+  - script: npm ci --no-fund --no-audit --prefer-offline
+    workingDirectory: $(Build.SourcesDirectory)/tests/Umbraco.Tests.AcceptanceTest
+    displayName: Restore NPM packages