From 57662fd4204028f9ca89ce3533f6c61d02f5b775 Mon Sep 17 00:00:00 2001 From: Ludovic Champenois Date: Mon, 9 Oct 2023 17:39:19 -0700 Subject: [PATCH] Adding SBOM generation phase in master pom.xml project. PiperOrigin-RevId: 572086820 Change-Id: I8d7ec0a8b0f72d4542aa881323b36976a2940c61 --- kokoro/gcp_ubuntu/build.sh | 7 ++++++- pom.xml | 13 +++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/kokoro/gcp_ubuntu/build.sh b/kokoro/gcp_ubuntu/build.sh index 0c2b7438..7bd371de 100644 --- a/kokoro/gcp_ubuntu/build.sh +++ b/kokoro/gcp_ubuntu/build.sh @@ -30,7 +30,7 @@ export JAVA_HOME="$(update-java-alternatives -l | grep "1.17" | head -n 1 | tr - echo "JAVA_HOME = $JAVA_HOME" ./mvnw -v -./mvnw -e clean install +./mvnw -e clean install cyclonedx:makeAggregateBom # The artifacts under `${KOKORO_ARTIFACTS_DIR}/maven-artifacts` will be uploaded as a zip file named maven_jars.binary TMP_STAGING_LOCATION=${KOKORO_ARTIFACTS_DIR}/tmp @@ -68,6 +68,11 @@ cp -rf sdk_assembly/target/appengine-java-sdk ${TMP_STAGING_LOCATION}/ chmod a+x ${TMP_STAGING_LOCATION}/appengine-java-sdk/bin/* # LINT.ThenChange(//depot/google3/third_party/java_src/appengine_standard/check_build.sh) cp sdk_assembly/target/google_appengine_java_delta*.zip ${TMP_STAGING_LOCATION}/google_appengine_java_delta_from_maven.zip + +# Add SBOM files: +cp target/bom.json ${TMP_STAGING_LOCATION}/ +cp target/bom.xml ${TMP_STAGING_LOCATION}/ + cd ${TMP_STAGING_LOCATION} zip -r ${PUBLISHED_LOCATION}/maven_jars.binary . # cleanup staging area diff --git a/pom.xml b/pom.xml index f420e371..79f5b024 100644 --- a/pom.xml +++ b/pom.xml @@ -888,6 +888,19 @@ ${project.basedir}/licenses/resources/third-party-file-template.ftl + + org.cyclonedx + cyclonedx-maven-plugin + 2.7.9 + + + package + + makeAggregateBom + + + +
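Review bot: The `cyclonedx:makeAggregateBom` goal appended to the `./mvnw -e clean install` line appears to duplicate the execution that the pom.xml part of this patch binds to the `package` phase, so the aggregate SBOM would be generated once during `install` and again by the explicit goal. Keeping a single trigger makes it unambiguous which run produced the `target/bom.*` files that are later published. If the phase binding is the intended trigger, the line can stay `./mvnw -e clean install`. The pom.xml markup is not fully legible in this view, so confirm the binding before dropping the explicit goal.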
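Review bot: The two new `cp target/bom.*` lines have no failure handling, and whether the script runs under `set -e` is not visible in this hunk; without it, a missing SBOM would only print an error and `maven_jars.binary` would still be zipped and published without one. A guarded form such as `cp target/bom.json target/bom.xml "${TMP_STAGING_LOCATION}/" || exit 1` makes the SBOM a hard requirement of the release artifact and also quotes the destination. The file names depend on the plugin's default output name and formats, so setting `outputName` and `outputFormat` explicitly in the plugin configuration in pom.xml would keep a later plugin upgrade from breaking this copy.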