Merge pull request #21 from alec-malcolm/master

Adds ability to specify a parent project
DependencyTrack · Nov 19, 2023 · 81d757a · 81d757a
2 parents 7fdf97f + e5a4556
commit 81d757a
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -42,6 +42,18 @@ Automatically create project and version in Dependency-Track, default `false`
 
 Path and filename of the BOM, default `bom.xml`
 
+### `parent`
+
+Parent project uuid in Dependency-Track
+
+### `parentName`
+
+**Parent version is also required** Parent project name in Dependency-Track
+
+### `parentVersion`
+
+**Parent name is also required** Parent project version in Dependency-Track
+
 ## Example usage
 
 With project name and version:
@@ -79,3 +91,31 @@ with:
   apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
   project: 'dadec8ad-7053-4e8c-8044-7b6ef698e08d'
 ```
+
+With protocol, port, project name and parent name:
+```
+  - name: SBOM zu DependencyTrack senden
+    uses: DependencyTrack/[email protected]
+    with:
+      protocol: ${{ secrets.DEPENDENCYTRACK_PROTOCOL }}
+      serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+      port: ${{ secrets.DEPENDENCYTRACK_PORT }}
+      apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+      projectName: 'Example Project'
+      projectVersion: 'master'
+      bomFilename: "/path/to/bom.xml"
+      autoCreate: true
+      parentName: 'Example Parent'
+      parentVersion: 'master'
+```
+
+With parent uuid:
+```
+uses: DependencyTrack/[email protected]
+with:
+  serverHostname: 'example.com'
+  apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+  project: 'dadec8ad-7053-4e8c-8044-7b6ef698e08d'
+  parent: '6a5a3c33-3f8b-42ee-8d50-594bfd95dd32'
+```
+
diff --git a/action.yml b/action.yml
@@ -33,6 +33,15 @@ inputs:
     description: 'Path and filename of the BOM'
     default: 'bom.xml'
     required: false
+  parent:
+    description: 'Parent project in Dependency-Track'
+    required: false
+  parentname:
+    description: 'Parent name in Dependency-Track'
+    required: false
+  parentversion:
+    description: 'Parent version in Dependency-Track'
+    required: false
 runs:
   using: 'node16'
   main: 'index.js'
diff --git a/index.js b/index.js
@@ -13,7 +13,9 @@ try {
   const projectVersion = core.getInput('projectversion');
   const autoCreate = core.getInput('autocreate') !== 'false';
   const bomFilename = core.getInput('bomfilename');
-
+  const parent = core.getInput('parent');
+  const parentName = core.getInput('parentname');
+  const parentVersion = core.getInput('parentversion');
 
   if (protocol !== "http" && protocol !== "https") {
     throw 'protocol "' + protocol + '" not supported, must be one of: https, http'
@@ -32,6 +34,10 @@ try {
     throw 'project or projectName + projectVersion must be set'
   }
 
+  if ((parentName === "" && parentVersion !== "") || (parentName !== "" && parentVersion === "")) {
+    throw 'parentName + parentVersion must both be set'
+  }
+
   core.info(`Reading BOM: ${bomFilename}...`);
   const bomContents = fs.readFileSync(bomFilename);
   let encodedBomContents = Buffer.from(bomContents).toString('base64');
@@ -54,6 +60,13 @@ try {
     }
   }
 
+  if (parent && parent.trim().length > 0) {
+    bomPayload.parent = parent;
+  } else if (parentName && parentName.trim().length > 0 && parentVersion && parentVersion.trim().length > 0) {
+    bomPayload.parentName = parentName;
+    bomPayload.parentVersion = parentVersion;
+  }
+
   const postData = JSON.stringify(bomPayload);
 
   const requestOptions = {