feat: publish SBOMs (#1380)

While clearly not perfect, I think we should start growing
towards publishing valid SBOMs for our artifacts, and
publishing these is a good first step in that direction.
Arnout Engelen 2024-07-08 15:50:42 +02:00 committed by GitHub
parent 053a5ccfad
commit 684fec989e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 0 deletions


@ -20,6 +20,7 @@ import sbt.Keys._
import sbt._
import sbtassembly.AssemblyPlugin.autoImport._
import sbtwelcome.WelcomePlugin.autoImport._
import _root_.io.github.siculo.sbtbom.BomSbtPlugin.autoImport.makeBom
import java.io.FileInputStream
import java.io.InputStreamReader
@ -267,6 +268,10 @@ object PekkoBuild {
mavenLocalResolverSettings,
docLintingSettings,
JdkOptions.targetJdkSettings,
// needed until https://github.com/siculo/sbt-bom/pull/57 has been merged
packagedArtifacts += {
Artifact(artifact.value.name, "cyclonedx", "xml") -> makeBom.value
},
// a workaround for https://github.com/akka/akka/issues/27661
// see also project/Protobuf.scala that introduces /../ to make "intellij happy"
MultiJvm / assembly / fullClasspath := {
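Review bot: The artifact built in the `packagedArtifacts +=` setting looks like it carries no classifier, because the three-argument form `Artifact(name, type, extension)` sets the type to "cyclonedx" and leaves the classifier empty as far as I can tell. If so, the BOM would be published as `<name>-<version>.xml` rather than with a `-cyclonedx` suffix, which makes it harder for consumers and scanners to find; please confirm against a `publishLocal` run and, if needed, use `Artifact(artifact.value.name, "cyclonedx", "xml", "cyclonedx")`. The comment above it explains why the workaround is temporary but not what it does, and the commit message concedes the BOMs are not yet fully valid. I would extend the comment to something like `// attach the CycloneDX BOM from makeBom to the published artifacts; contents are known to be incomplete, do not treat as authoritative for vulnerability matching`. The settings list this sits in starts and ends outside the hunk, so I cannot tell whether it also applies to modules that are not published.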


@ -30,6 +30,7 @@ addSbtPlugin("com.github.pjfanning" % "sbt-pekko-build" % "0.3.4")
addSbtPlugin("com.github.reibitto" % "sbt-welcome" % "0.4.0")
addSbtPlugin("com.github.sbt" % "sbt-license-report" % "1.6.1")
addSbtPlugin("io.github.roiocam" % "sbt-depend-walker" % "0.1.1")
addSbtPlugin("io.github.siculo" % "sbt-bom" % "0.3.0")
addSbtPlugin("org.apache.pekko" % "pekko-sbt-paradox" % "1.0.1")