Added build

.github/workflows/generate-guide.yml

@@ -0,0 +1,52 @@
+name: Generate Guide
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      document_type:
+        description: 'Select the type of guide to generate'
+        required: true
+        default: 'SBOM'
+        type: choice
+        options:
+          - Attestations
+          - CBOM
+          - HBOM
+          - MBOM
+          - ML-BOM
+          - OBOM
+          - SaaSBOM
+          - SBOM
+          - VEX_VDR
+
+jobs:
+  build_and_run:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        run: docker build -t cdx-guides-builder .
+
+      - name: Create output directory
+        run: mkdir -p docs
+
+      - name: Run Docker container
+        run: docker run -e CLOUDCONVERT_API_KEY=${{ secrets.CLOUDCONVERT_API_KEY }} -v $(pwd)/docs:/workspace/docs cdx-guides-builder ${{ github.event.inputs.document_type }}
+
+      - name: Upload .docx and .pdf files
+        uses: actions/upload-artifact@v4
+        with:
+          name: docs
+          path: docs/*.docx, docs/*.pdf

Dockerfile

@@ -0,0 +1,51 @@
+FROM ubuntu:24.04
+
+ENV TZ=UTC
+
+RUN apt-get update && \
+    apt-get install -y \
+    curl \
+    wget \
+    software-properties-common \
+    gnupg2 \
+    pandoc \
+    inkscape \
+    exiftool \
+    python3 \
+    python3-pip \
+    unzip \
+    tzdata \
+    git && \
+    python3 -m pip install pandocfilters docxcompose pdf-cli requests Flask --break-system-packages && \
+    curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
+    apt-get install -y nodejs=18.18.0-1nodesource1 && \
+    npm install -g [email protected] && \
+    npm install -g [email protected] && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    ln -s /usr/bin/python3 /usr/bin/python && \
+    mkdir -p /workspace /workspace/docs
+
+# Set the timezone to UTC
+RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && \
+    echo $TZ > /etc/timezone
+
+WORKDIR /workspace
+COPY docs/ /workspace/docs/
+COPY Attestations/ /workspace/Attestations/
+COPY CBOM/ /workspace/CBOM/
+COPY HBOM/ /workspace/HBOM/
+COPY MBOM/ /workspace/MBOM/
+COPY ML-BOM/ /workspace/ML-BOM/
+COPY OBOM/ /workspace/OBOM/
+COPY SaaSBOM/ /workspace/SaaSBOM/
+COPY SBOM/ /workspace/SBOM/
+COPY VDR_VEX/ /workspace/VDR_VEX/
+COPY images/ /workspace/images/
+COPY templates/ /workspace/templates/
+COPY build/gen.sh /workspace/gen.sh
+RUN chmod +x /workspace/gen.sh
+
+RUN cd /workspace
+
+ENTRYPOINT ["/workspace/gen.sh"]

build/gen.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+printf "OWASP Markdown Conversion Tool\n"
+
+BOMTYPE=;
+
+case $1 in
+  ([Ss][Bb][Oo][Mm]) BOMTYPE="SBOM";;
+  ([Cc][Bb][Oo][Mm]) BOMTYPE="CBOM";;
+  ([Ss][Aa][Aa][Ss][Bb][Oo][Mm]) BOMTYPE="SaaSBOM";;
+  ([Vv][Dd][Rr]) BOMTYPE="VDR_VEX";;
+  ([Vv][Ee][Xx]) BOMTYPE="VDR_VEX";;
+  ([Aa][Tt][Tt][Ee][Ss][Tt][Aa][Tt][Ii][Oo][Nn][Ss]) BOMTYPE="Attestations";;
+  (*)
+    echo Invalid argument. Valid arguments are "SBOM", "CBOM", "SaaSBOM", "VDR", and "Attestations"
+    exit;;
+esac
+
+printf "Task: Generate CycloneDX $BOMTYPE guide\n"
+
+function command_exists () {
+    command -v $1 >/dev/null 2>&1;
+}
+
+if ! command_exists pandoc; then
+    printf "Error: Please install pandoc. Cannot continue"
+    exit;
+fi
+
+generate_docx() {
+  BOMTYPE=$1
+  LANG=$2
+  pandoc -s -f gfm --reference-doc=../../templates/reference.docx \
+      --lua-filter=../../templates/pagebreak.lua \
+      --lua-filter=../../templates/emptyparagraph.lua \
+      --filter=../../templates/pandoc-svg.py \
+      --columns 10000 \
+      --toc \
+      --toc-depth=2 \
+      -t docx \
+      -o "../../docs/OWASP_CycloneDX-Authoritative-Guide-to-$BOMTYPE-SNAPSHOT-$LANG.docx" *.md
+  printf "\nRemoving temporary emf files...\n"
+  find ../.. -type f -name '*.emf' -print -delete
+}
+
+generate_pdf() {
+  BOMTYPE=$1
+  LANG=$2
+  printf "Creating pdf\n"
+  cloudconvert convert -f pdf --overwrite --outputdir "../../docs" -p.engine=office -p.engine_version=2.1 -p,optimize_print=false "../../docs/OWASP_CycloneDX-Authoritative-Guide-to-$BOMTYPE-SNAPSHOT-$LANG.docx"
+  printf "Adding watermark to pdf...\n"
+  pdfcli watermark -o "../../docs/OWASP_CycloneDX-Authoritative-Guide-to-$BOMTYPE-SNAPSHOT-$LANG.pdf" "../../docs/OWASP_CycloneDX-Authoritative-Guide-to-$BOMTYPE-SNAPSHOT-$LANG.pdf" "../../templates/watermark.pdf"
+  printf "Applying cover page...\n"
+  pdfcli join "../en/images/cover.pdf" "../../docs/OWASP_CycloneDX-Authoritative-Guide-to-$BOMTYPE-SNAPSHOT-$LANG.pdf" "../../images/back.pdf" -o "../../docs/OWASP_CycloneDX-Authoritative-Guide-to-$BOMTYPE-SNAPSHOT-$LANG.pdf"
+  printf "Updating Exif...\n"
+  exiftool -Title="Authoritative Guide to $BOMTYPE" -Author="OWASP Foundation" -Subject="CycloneDX BOM Standard" "../../docs/OWASP_CycloneDX-Authoritative-Guide-to-$BOMTYPE-SNAPSHOT-$LANG.pdf"
+}
+
+generate() {
+    BOMTYPE=$1
+    LANG=$2
+    printf "Generating CycloneDX Authoritative Guide to $BOMTYPE ($LANG)...\n"
+    if [ -d "$BOMTYPE/$LANG" ];
+    then
+        cd "$BOMTYPE/$LANG"
+        generate_docx $BOMTYPE $LANG
+        generate_pdf $BOMTYPE $LANG
+        cd ../..
+        printf "Done\n"
+        printf "Generated OWASP CycloneDX Authoritative Guide to $BOMTYPE ($LANG)\n"
+    else
+        printf " No CycloneDX guide found in directory $1"
+    fi
+}
+
+# English
+generate $BOMTYPE "en"
+
+echo