fix: update Dockerfile and generate-sbom workflow for poetry 2.0

eclipse-csi · Jan 10, 2025 · 858f430 · 858f430
1 parent 54b1b32
commit 858f430
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 12 deletions.
diff --git a/.github/workflows/generate-sbom.yml b/.github/workflows/generate-sbom.yml
@@ -20,6 +20,8 @@ permissions:
 jobs:
   generate-sbom:
     runs-on: ubuntu-latest
+    outputs:
+      project-version: ${{ steps.context.outputs.PROJECT_VERSION }}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
@@ -34,13 +36,16 @@ jobs:
           virtualenvs-in-project: true
           version: ${{ env.POETRY_VERSION }}
       - name: Install cyclonedx-py
-        run: pipx install cyclonedx-bom
-      - name: "Set static version for cyclonedx tool"
+        run: pipx install cyclonedx-bom==5.1.1
+      - name: "Get project version and export requirements"
         shell: bash
         run: |
-          poetry version $(poetry version -s | sed 's/.dev[0-9]*/.dev/')
+          poetry install
+          poetry export --with main,app -o requirements.txt
+          VERSION=$(poetry version -s | sed 's/.dev[0-9]*/.dev/')
+          echo "PROJECT_VERSION=$VERSION" >> $GITHUB_OUTPUT
       - name: Generate sbom
-        run: cyclonedx-py poetry --with main,app -o otterdog-bom.json
+        run: cyclonedx-py requirements -o otterdog-bom.json
       - name: Upload sbom
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
@@ -56,18 +61,12 @@ jobs:
         with:
           name: otterdog-bom.json
 
-      - name: Extract version
-        id: version
-        run: |
-          VERSION="$(jq -r '.metadata.component.version' < otterdog-bom.json)"
-          echo "version=$(echo ${VERSION})" >> $GITHUB_OUTPUT
-
       - uses: DependencyTrack/gh-upload-sbom@48feab3080ff9e8f51f4d21861d9fc914eb744f5 # v3.1.0
         with:
           serverHostname: 'sbom.eclipse.org'
           apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
           projectName: 'otterdog'
-          projectVersion: ${{ steps.version.outputs.version }}
+          projectVersion: ${{ needs.generate-sbom.outputs.project-version }}
           bomFilename: "otterdog-bom.json"
           parentName: 'otterdog'
           parentVersion: 'parent'

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -23,7 +23,7 @@ WORKDIR /app
 ENV PIP_DEFAULT_TIMEOUT=100 \
     PIP_DISABLE_PIP_VERSION_CHECK=1 \
     PIP_NO_CACHE_DIR=1 \
-    POETRY_VERSION=1.8.4 \
+    POETRY_VERSION=2.0.0 \
     POETRY_HOME='/usr/local' \
     POETRY_DYNAMIC_VERSIONING_BYPASS=$version
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -82,6 +82,7 @@ exclude = [
 version = "0.0.0"
 
 [tool.poetry.requires-plugins]
+poetry-plugin-export = { version = ">=1.8.0,<2.0.0" }
 poetry-dynamic-versioning = { version = ">=1.0.0,<2.0.0", extras = ["plugin"] }
 
 [tool.poetry.group.app.dependencies]