
Commit 3805737

authored
CSHARP-5501: Update SBOM usage for Kondukto (#1619)
1 parent 5de245c commit 3805737


2 files changed

+24
-9
lines changed


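--- a/evergreen/download-augmented-sbom.sh
+++ b/evergreen/download-augmented-sbom.sh
@@ -1,16 +1,24 @@
 #!/usr/bin/env bash
 
 # Environment variables used as input:
-# SILK_CLIENT_ID
-# SILK_CLIENT_SECRET
+# AWS_ACCESS_KEY_ID
+# AWS_SECRET_ACCESS_KEY
+# AWS_SESSION_TOKEN
 
 declare -r SSDLC_PATH="./artifacts/ssdlc"
 mkdir -p "${SSDLC_PATH}"
 
-echo "Downloading augmented sbom from silk"
+echo "Downloading augmented sbom using Kondukto"
+
+# use AWS CLI to get the Kondukto API token from AWS Secrets Manager
+kondukto_token=$(aws secretsmanager get-secret-value --secret-id "kondukto-token" --region "us-east-1" --query 'SecretString' --output text)
+if [ $? -ne 0 ]; then
+exit 1
+fi
+# set the KONDUKTO_TOKEN environment variable
+echo "KONDUKTO_TOKEN=$kondukto_token" > ${PWD}/kondukto_credentials.env
 
 docker run --platform="linux/amd64" --rm -v ${PWD}:/pwd \
--e SILK_CLIENT_ID \
--e SILK_CLIENT_SECRET \
-artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:1.0 \
-download --silk-asset-group mongodb-dotnet-csharp-driver --sbom-out /pwd/${SSDLC_PATH}/augmented-sbom.json
+--env-file ${PWD}/kondukto_credentials.env \
+artifactory.corp.mongodb.com/release-tools-container-registry-public-local/silkbomb:2.0 \
+augment --repo mongodb/mongo-csharp-driver --branch main --sbom-in /pwd/sbom.json --sbom-out /pwd/${SSDLC_PATH}/augmented-sbom.json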
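Review bot: The Kondukto API token is written to `${PWD}/kondukto_credentials.env` with the default umask and is never deleted, and the same directory is bind-mounted into the container by `-v ${PWD}:/pwd`, so the secret stays readable in the task's working directory after the step finishes. The removed code passed its secrets by name (`-e SILK_CLIENT_ID`), and the same pattern keeps the token off disk: add `export KONDUKTO_TOKEN="$kondukto_token"` after the status check and replace the `--env-file` line with `-e KONDUKTO_TOKEN \`. If the file has to stay, put `umask 077` before the write and add `trap 'rm -f -- "${PWD}/kondukto_credentials.env"' EXIT`. The `$?` check also lets an empty `SecretString` through, so a guard such as `[ -n "$kondukto_token" ] || exit 1` would fail earlier and more clearly. The unquoted `${PWD}` expansions would break on a workspace path that contains spaces.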

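--- a/evergreen/evergreen.yml
+++ b/evergreen/evergreen.yml
@@ -246,15 +246,22 @@ functions:
 file: mo-expansion.yml
 
 download-and-promote-augmented-sbom-to-s3-bucket:
+- command: ec2.assume_role
+params:
+role_arn: ${kondukto_role_arn}
 - command: shell.exec
 params:
 working_dir: "mongo-csharp-driver"
 include_expansions_in_env:
-- "SILK_CLIENT_ID"
-- "SILK_CLIENT_SECRET"
+- "AWS_ACCESS_KEY_ID"
+- "AWS_SECRET_ACCESS_KEY"
+- "AWS_SESSION_TOKEN"
 script: |
 ${PREPARE_SHELL}
 ./evergreen/download-augmented-sbom.sh
+- command: ec2.assume_role
+params:
+role_arn: ${UPLOAD_SSDLC_RELEASE_ASSETS_ROLE_ARN}
 - command: s3.put
 params:
 aws_key: ${AWS_ACCESS_KEY_ID}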
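Review bot: The two `ec2.assume_role` steps in `download-and-promote-augmented-sbom-to-s3-bucket` depend on their order, and nothing in the file says so. The first one presumably replaces the `AWS_*` expansions with the Kondukto role's temporary credentials, and the second one switches them back to the upload role before `s3.put` reads `${AWS_ACCESS_KEY_ID}`. A comment above the second step would stop a later edit from reordering or dropping it and uploading with the wrong role, for example `# Re-assume the upload role: the Kondukto assume_role above replaced the AWS_* expansions that s3.put uses`. The `s3.put` params continue outside the hunk, so it is worth confirming that they also pass the session token that goes with these temporary credentials.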
