cachi2: generate ICM form SBOM
Cachi2 doesn't generate ICM the way Cachito 1 does; for backward
compatibility, generate the ICM from the SBOM.

Unfortunately cachi2 provides only a flat structure, so dependencies are
part of that flat structure; they are not listed separately.

STONEBLD-2582

Signed-off-by: Martin Basti <[email protected]>
MartinBasti committed Sep 20, 2024
1 parent a7beb00 commit dd5a25b
Showing 2 changed files with 72 additions and 1 deletion.
24 changes: 24 additions & 0 deletions atomic_reactor/utils/cachi2.py
Expand Up @@ -44,3 +44,27 @@ def remote_source_to_cachi2(remote_source: Dict[str, Any]) -> Dict[str, Any]:
cachi2_packages.append({"type": pkg_manager, **pkg})

return {"packages": cachi2_packages, "flags": cachi2_flags}


def convert_SBOM_to_ICM(sbom: Dict[str, Any]) -> Dict[str, Any]:
"""Function converts cachi2 SBOM into ICM
Unfortunately cachi2 doesn't provide all details about dependencies
and sources, so the ICM can contain only flat structure of everything
"""
icm = {
"metadata": {
"icm_spec": (
"https://raw.githubusercontent.com/containerbuildsystem/atomic-reactor/"
"f4abcfdaf8247a6b074f94fa84f3846f82d781c6/atomic_reactor/schemas/"
"content_manifest.json"
),
"icm_version": 1,
"image_layer_index": -1
},
"image_contents": [],
}
icm["image_contents"] = [
{"purl": comp["purl"]} for comp in sbom["components"] # type: ignore
]
return icm
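Review bot: `convert_SBOM_to_ICM` indexes `sbom["components"]` and `comp["purl"]` directly, so an SBOM without a `components` key, or a component without a `purl`, fails with a bare KeyError that does not say which component was at fault. CycloneDX treats both fields as optional, though whether cachi2 always emits them is not visible on this page. Because the ICM is the record of what went into the image, silently skipping such a component would hide content, so I would read the list with `sbom.get("components", [])` and fail with a message that names the entry, e.g. `raise ValueError(f"SBOM component {comp.get('name')!r} has no purl")`. The `"image_contents": []` placeholder is overwritten two statements later; building the list first and placing it in the dict literal would also remove the need for `# type: ignore`.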
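--- a/tests/utils/test_cachi2.py
+++ b/tests/utils/test_cachi2.py
@@ -6,7 +6,10 @@
 of the BSD license. See the LICENSE file for details.
 """
 
-from atomic_reactor.utils.cachi2 import remote_source_to_cachi2
+from atomic_reactor.utils.cachi2 import (
+convert_SBOM_to_ICM,
+remote_source_to_cachi2
+)
 
 import pytest
 
@@ -83,3 +86,47 @@ def test_remote_source_to_cachi2_conversion(input_remote_source, expected_cachi2
 """Test conversion of remote_source (cachito) configuration from container yaml
 into cachi2 params"""
 assert remote_source_to_cachi2(input_remote_source) == expected_cachi2
+
+
+@pytest.mark.parametrize(('sbom', 'expected_icm'), [
+pytest.param(
+{
+"bomFormat": "CycloneDX",
+"components": [{
+"name": "unsafe",
+"purl": "pkg:golang/unsafe?type=package",
+"properties": [{
+"name": "cachi2:found_by",
+"value": "cachi2",
+}],
+"type": "library",
+}],
+"metadata": {
+"tools": [{
+"vendor": "red hat",
+"name": "cachi2"
+}]
+},
+"specVersion": "1.4",
+"version": 1
+},
+{
+"image_contents": [
+{"purl": "pkg:golang/unsafe?type=package"},
+],
+"metadata": {
+"icm_spec": (
+"https://raw.githubusercontent.com/containerbuildsystem/atomic-reactor/"
+"f4abcfdaf8247a6b074f94fa84f3846f82d781c6/atomic_reactor/"
+"schemas/content_manifest.json"
+),
+"icm_version": 1,
+"image_layer_index": -1
+}
+},
+id="easy",
+),
+])
+def test_convert_SBOM_to_ICM(sbom, expected_icm):
+"""Test conversion from cachi2 SBOM into ICM format"""
+assert convert_SBOM_to_ICM(sbom) == expected_icm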
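Review bot: The parametrization of `test_convert_SBOM_to_ICM` holds a single happy-path case (`id="easy"`), so nothing pins what the converter does with an empty `components` list, several components, or a component that lacks `purl`. I would add a case such as `pytest.param({"components": []}, <expected ICM with empty image_contents>, id="no_components")` and a separate test using `pytest.raises` for a component without `purl`. That way a malformed or partial SBOM cannot quietly change the generated content manifest without a test failing.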
