diff --git a/pipelines/build/common/openjdk_build_pipeline.groovy b/pipelines/build/common/openjdk_build_pipeline.groovy index 04010a1e6..8f9e59367 100644 --- a/pipelines/build/common/openjdk_build_pipeline.groovy +++ b/pipelines/build/common/openjdk_build_pipeline.groovy @@ -1062,6 +1062,43 @@ class Build { } } } + private void signSBOMCyclonedx() { + context.stage('Sign SBOM') { + context.println "RUNNING sign_temurin_cyclonedx for ${buildConfig.TARGET_OS}/${buildConfig.ARCHITECTURE} ..." + + def params = [ + context.string(name: 'UPSTREAM_JOB_NUMBER', value: "${env.BUILD_NUMBER}"), + context.string(name: 'UPSTREAM_JOB_NAME', value: "${env.JOB_NAME}"), + context.string(name: 'UPSTREAM_DIR', value: 'workspace/target') + ] + + def signSBOMjob = context.build job: 'sign_temurin_cyclonedx', + propagate: true, + parameters: params + + context.node('worker') { + // Remove any previous workspace artifacts + context.sh 'rm -rf workspace/target/* || true' + context.copyArtifacts( + projectName: 'sign_temurin_cyclonedx', + selector: context.specific("${signSBOMjob.getNumber()}"), + filter: '**/*.xml', + fingerprintArtifacts: true, + target: 'workspace/target/', + flatten: true) + + // Archive signed XML SBOMs in Jenkins + try { + context.timeout(time: buildTimeouts.ARCHIVE_ARTIFACTS_TIMEOUT, unit: 'HOURS') { + context.archiveArtifacts artifacts: 'workspace/target/*.xml' + } + } catch (FlowInterruptedException e) { + throw new Exception("[ERROR] Archive artifact timeout (${buildTimeouts.ARCHIVE_ARTIFACTS_TIMEOUT} HOURS) for ${downstreamJobName} has been reached. Exiting...") + } + } + } + } + /* Lists and returns any compressed archived or sbom file contents of the top directory of the build node */ @@ -2411,6 +2448,7 @@ def buildScriptsAssemble( try { context.println "openjdk_build_pipeline: Running GPG signing process" gpgSign() + signSBOMCyclonedx() } catch (Exception e) { context.println(e.message) currentBuild.result = 'FAILURE'