Skip to content

Commit

Permalink
fix: allow bom build and verification for build_only layers
Browse files Browse the repository at this point in the history 
stacker builds allow chaining of layer builds.  SBOM chaining should
follow that model, so bom generation directives are concerned with only
that layer.

Signed-off-by: Ramkumar Chinchani <[email protected]>
  • Loading branch information
@rchincha
rchincha committed May 9, 2024
1 parent 25b859b commit 9cc8326
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 69 deletions.
35 changes: 17 additions & 18 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,9 @@ require (
github.com/urfave/cli/v2 v2.25.0
github.com/vbatts/go-mtree v0.5.3
golang.org/x/sys v0.16.0
golang.org/x/term v0.15.0
golang.org/x/term v0.16.0
gopkg.in/yaml.v2 v2.4.0
sigs.k8s.io/bom v0.5.2-0.20231020154325-c94debbb2690
sigs.k8s.io/bom v0.6.0
sigs.k8s.io/yaml v1.3.0
stackerbuild.io/stacker-bom v0.0.0-00010101000000-000000000000
)
Expand All @@ -58,7 +58,6 @@ require (
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
github.com/acobaugh/osrelease v0.1.0 // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/adrg/xdg v0.4.0 // indirect
github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc // indirect
github.com/anchore/fangs v0.0.0-20230818131516-2186b10924fe // indirect
Expand Down Expand Up @@ -111,10 +110,10 @@ require (
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/github/go-spdx/v2 v2.2.0 // indirect
github.com/glebarez/go-sqlite v1.21.2 // indirect
github.com/glebarez/go-sqlite v1.22.0 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-git/go-git/v5 v5.9.0 // indirect
github.com/go-git/go-git/v5 v5.11.0 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.21.4 // indirect
Expand All @@ -133,7 +132,7 @@ require (
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-containerregistry v0.16.1 // indirect
github.com/google/go-containerregistry v0.17.0 // indirect
github.com/google/go-intervals v0.0.2 // indirect
github.com/google/licensecheck v0.3.1 // indirect
github.com/google/licenseclassifier/v2 v2.0.0 // indirect
Expand Down Expand Up @@ -220,7 +219,7 @@ require (
github.com/sigstore/fulcio v1.0.0 // indirect
github.com/sigstore/rekor v1.0.1 // indirect
github.com/sigstore/sigstore v1.6.5 // indirect
github.com/skeema/knownhosts v1.2.0 // indirect
github.com/skeema/knownhosts v1.2.1 // indirect
github.com/smartystreets/assertions v1.2.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spdx/tools-golang v0.5.3 // indirect
Expand Down Expand Up @@ -258,15 +257,15 @@ require (
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.16.0 // indirect
golang.org/x/crypto v0.18.0 // indirect
golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.19.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/sync v0.6.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/tools v0.16.1 // indirect
golang.org/x/tools v0.17.0 // indirect
golang.org/x/tools/go/vcs v0.1.0-deprecated // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
google.golang.org/grpc v1.60.0 // indirect
Expand All @@ -275,16 +274,16 @@ require (
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
modernc.org/libc v1.24.1 // indirect
modernc.org/mathutil v1.5.0 // indirect
modernc.org/memory v1.6.0 // indirect
modernc.org/sqlite v1.26.0 // indirect
modernc.org/libc v1.37.6 // indirect
modernc.org/mathutil v1.6.0 // indirect
modernc.org/memory v1.7.2 // indirect
modernc.org/sqlite v1.28.0 // indirect
pault.ag/go/debian v0.15.0 // indirect
pault.ag/go/topsort v0.1.1 // indirect
sigs.k8s.io/release-utils v0.7.5 // indirect
sigs.k8s.io/release-utils v0.7.7 // indirect
)

replace (
github.com/opencontainers/umoci => github.com/project-stacker/umoci v0.0.0-20240417195808-16c510104378
stackerbuild.io/stacker-bom => github.com/project-stacker/stacker-bom v0.0.6-0.20240227180605-9a3eb8f7f720
stackerbuild.io/stacker-bom => github.com/project-stacker/stacker-bom v0.0.0-20240509203427-4d685e046780
)
Loading

0 comments on commit 9cc8326

Please sign in to comment.