Skip to content

Adding validate plumbing to consolidate verb #1115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sfoslund merged 7 commits into from
Jun 27, 2025
Merged

Adding validate plumbing to consolidate verb #1115

sfoslund merged 7 commits into from
Jun 27, 2025

Conversation

@sfoslund
Copy link
Member

@sfoslund sfoslund commented Jun 26, 2025
edited
Loading

This PR adds some additional plumbing to the consolidate verb to parse the user provided ArtifactInfoMap and find all valid SBOMs that need to be validated/ consolidated. This PR has logic to account for a variety of flavors of SBOMs- spdx 2.2/3.0 and ADO/ CloudBuild

DaveTryon
DaveTryon reviewed Jun 26, 2025
View reviewed changes
sfoslund
sfoslund commented Jun 26, 2025
View reviewed changes
DaveTryon
DaveTryon reviewed Jun 26, 2025
View reviewed changes
@microsoft microsoft deleted a comment from github-actions bot Jun 27, 2025
@microsoft microsoft deleted a comment from github-actions bot Jun 27, 2025
@sfoslund sfoslund marked this pull request as ready for review June 27, 2025 16:54
@sfoslund sfoslund requested a review from a team as a code owner June 27, 2025 16:54
DaveTryon
DaveTryon reviewed Jun 27, 2025
View reviewed changes
DaveTryon
DaveTryon reviewed Jun 27, 2025
View reviewed changes
@github-actions
Copy link

github-actions bot commented Jun 27, 2025

This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:

  • Changing the signature of an existing interface method
  • Adding a new method to an existing interface
  • Adding a required data member to a class that an existing interface method consumes

Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following:

Option 1 - Publish this as a breaking change

  1. Update the documentation to show the new functionality
  2. Bump the major version in the next release
  3. Be sure to highlight the breaking changes in the release notes

Option 2 - Refactor the changes to be non-breaking

  1. Review this commit, which adds a new interface in a backward-compatible way
  2. Refactor the change to follow this pattern so that existing interfaces are left completely intact
  3. Bump the minor version in the next release

@sfoslund
Copy link
Member Author

sfoslund commented Jun 27, 2025

/azp run

@microsoft microsoft deleted a comment from github-actions bot Jun 27, 2025
@github-actions
Copy link

github-actions bot commented Jun 27, 2025

This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:

  • Changing the signature of an existing interface method
  • Adding a new method to an existing interface
  • Adding a required data member to a class that an existing interface method consumes

Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following:

Option 1 - Publish this as a breaking change

  1. Update the documentation to show the new functionality
  2. Bump the major version in the next release
  3. Be sure to highlight the breaking changes in the release notes

Option 2 - Refactor the changes to be non-breaking

  1. Review this commit, which adds a new interface in a backward-compatible way
  2. Refactor the change to follow this pattern so that existing interfaces are left completely intact
  3. Bump the minor version in the next release

@sfoslund sfoslund merged commit 1dc7f49 into main Jun 27, 2025
5 checks passed
@sfoslund sfoslund deleted the sfoslund/validatePlumbing branch June 27, 2025 19:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@DaveTryon DaveTryon DaveTryon approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sfoslund @DaveTryon