chore: make dependency track url a config setting

eclipse-csi · Jan 30, 2025 · b9f34a2 · b9f34a2
1 parent 937b9b9
commit b9f34a2
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 6 deletions.
diff --git a/docs/reference/policies/dependency-track-upload.md b/docs/reference/policies/dependency-track-upload.md
@@ -11,7 +11,6 @@ This policy will upload SBOM data as generated by workflows to a dependency trac
 | Setting         | Necessity | Value type | Description                                                         |
 |-----------------|-----------|------------|---------------------------------------------------------------------|
 | artifact_name   | mandatory | string     | The artifact to look for in workflow runs that contains SBOM data   |
-| base_url        | mandatory | string     | The base url to the dependency track instance                       |
 | workflow_filter | mandatory | string     | Only consider workflows runs that reference the specified workflows |
 
 
@@ -24,6 +23,5 @@ description: |-
 type: dependency_track_upload
 config:
   artifact_name: "eclipse-sbom-data"
-  base_url: "https://sbom.eclipse.org"
   workflow_filter: ".*/store-sbom-data.yml.*"
 ```
diff --git a/otterdog/webapp/config.py b/otterdog/webapp/config.py
@@ -54,7 +54,7 @@ class AppConfig:
     GITHUB_APP_PRIVATE_KEY = config("GITHUB_APP_PRIVATE_KEY")
 
     PROJECTS_BASE_URL = config("PROJECTS_BASE_URL", default="https://projects.eclipse.org/projects/")
-    DEPENDENCY_TRACK_URL = config("DEPENDENCY_TRACK_URL", default="https://sbom.eclipse.org")
+    DEPENDENCY_TRACK_URL = config("DEPENDENCY_TRACK_URL")
     DEPENDENCY_TRACK_TOKEN = config("DEPENDENCY_TRACK_TOKEN")
 
 

diff --git a/otterdog/webapp/policies/dependency_track_upload.py b/otterdog/webapp/policies/dependency_track_upload.py
@@ -26,7 +26,6 @@ class DependencyTrackUploadPolicy(Policy):
     """
 
     artifact_name: str
-    base_url: str
     workflow_filter: str
 
     @property

diff --git a/otterdog/webapp/tasks/policies/upload_sbom.py b/otterdog/webapp/tasks/policies/upload_sbom.py
@@ -37,6 +37,10 @@ class UploadSBOMTask(PolicyTask):
     policy: DependencyTrackUploadPolicy
     workflow_run_id: int
 
+    @property
+    def _dependency_track_url(self) -> str:
+        return current_app.config["DEPENDENCY_TRACK_URL"]
+
     @property
     def _dependency_track_token(self) -> str:
         return current_app.config["DEPENDENCY_TRACK_TOKEN"]
@@ -95,10 +99,11 @@ async def _upload_bom(self, bom: dict[str, Any], meta_data: Metadata) -> None:
             }
 
             self.logger.info(
-                f"uploading sbom for '{meta_data.projectName}@{meta_data.projectVersion}' to '{self.policy.base_url}'"
+                f"uploading sbom for '{meta_data.projectName}@{meta_data.projectVersion}' "
+                f"to '{self._dependency_track_url}'"
             )
 
-            upload_url = f"{self.policy.base_url}/api/v1/bom"
+            upload_url = f"{self._dependency_track_url}/api/v1/bom"
             async with session.put(upload_url, headers=headers, json=data) as response:
                 if response.status != 200:
                     error = await response.text()