diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 24e29c16786..8b16754e1ad 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -268,6 +268,7 @@ jobs:
 - name: "Install CLI tools"
 run: |
 npm install -g @angular/cli@$ANGULAR_CLI_VERSION
+ npm install -g @cyclonedx/cyclonedx-npm@^1.2
 npm install -g grunt-cli
 - name: "Set packaging options for Grunt"
 run: |
@@ -277,7 +278,6 @@ jobs:
 - name: "Package application"
 run: |
 npm install --production
- npm install -g grunt-cli
 npm run package:ci
 - name: "Unpack application archive"
 run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7e79dd9a7b6..70dc8d9328a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,6 +20,7 @@ jobs:
 - name: "Install CLI tools"
 run: |
 npm install -g @angular/cli
+ npm install -g @cyclonedx/cyclonedx-npm@^1.2
 npm install -g grunt-cli
 - name: "Set packaging options for Grunt"
 run: |
@@ -36,7 +37,6 @@ jobs:
 - name: "Package application"
 run: |
 npm install --production
- npm install -g grunt-cli
 npm run package:ci
 - name: 'Attach packaged archive to tag release'
 uses: softprops/action-gh-release@v1
diff --git a/.gitignore b/.gitignore
index d633d59fa3b..e9a6289f958 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,6 +30,8 @@ vagrant/.vagrant/
 JSON
 JSON.map
 frontend/src/**/*.js
+/bom.json
+/bom.xml
 
 # IDEs
 .idea/
diff --git a/Gruntfile.js b/Gruntfile.js
index a6b6bcac0ce..2abb7cbc269 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -42,12 +42,15 @@ module.exports = function (grunt) {
 'config.schema.yml',
 'build/**',
 '!build/reports/**',
+ 'bom.json',
+ 'bom.xml',
 'config/*.yml',
 'data/*.ts',
 'data/static/**',
 'data/chatbot/.gitkeep',
 'encryptionkeys/**',
 'frontend/dist/frontend/**',
+ 'frontend/dist/bom/**',
 'frontend/src/**/*.ts',
 'ftp/**',
 'i18n/.gitkeep',
diff --git a/frontend/angular.json b/frontend/angular.json
index a944ad68d2d..60eaff7ad7c 100644
--- a/frontend/angular.json
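Review bot: The added `npm install -g @cyclonedx/cyclonedx-npm@^1.2` resolves a floating 1.x range at run time, outside the lockfile, so the tool that produces the SBOM can silently change between CI runs even though package.json declares it as `^1.12.0` in devDependencies. Because the "Package application" step runs `npm install --production` before `npm run package:ci`, that devDependency is never installed in CI and this global copy is the one that actually generates `bom.json`/`bom.xml`. Pinning it to an exact version that matches what package.json resolves to, e.g. `npm install -g @cyclonedx/cyclonedx-npm@1.12.0`, keeps SBOM generation reproducible and auditable and removes the drift between the two declarations. The identical line added to release.yml needs the same change.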
+++ b/frontend/angular.json
@@ -16,7 +16,7 @@
 "schematics": {},
 "architect": {
 "build": {
- "builder": "@angular-devkit/build-angular:browser",
+ "builder": "@angular-builders/custom-webpack:browser",
 "options": {
 "outputPath": "dist/frontend",
 "index": "src/index.html",
@@ -46,7 +46,13 @@
 "buildOptimizer": false,
 "sourceMap": true,
 "optimization": false,
- "namedChunks": true
+ "namedChunks": true,
+ "customWebpackConfig": {
+ "path": "./webpack.angular.js",
+ "mergeRules": {
+ "externals": "replace"
+ }
+ }
 },
 "configurations": {
 "production": {
diff --git a/frontend/package.json b/frontend/package.json
index cbc372791e1..7b67b07117d 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -12,6 +12,7 @@
 },
 "private": true,
 "dependencies": {
+ "@angular-builders/custom-webpack": "^15.0.0",
 "@angular-devkit/build-angular": "^15.0.4",
 "@angular-material-extensions/password-strength": "^6.0.0",
 "@angular/animations": "^15.0.4",
@@ -28,6 +29,7 @@
 "@angular/platform-browser": "^15.0.4",
 "@angular/platform-browser-dynamic": "^15.0.4",
 "@angular/router": "^15.0.4",
+ "@cyclonedx/webpack-plugin": "^3.6.0",
 "@fortawesome/fontawesome-svg-core": "~1.2.30",
 "@fortawesome/free-brands-svg-icons": "^5.14.0",
 "@fortawesome/free-regular-svg-icons": "^5.14.0",
diff --git a/frontend/webpack.angular.js b/frontend/webpack.angular.js
new file mode 100644
index 00000000000..c9eeb9bc455
--- /dev/null
+++ b/frontend/webpack.angular.js
@@ -0,0 +1,13 @@
+// this file contains extras that should override angular's default configs
+
+const { CycloneDxWebpackPlugin } = require('@cyclonedx/webpack-plugin')
+
+module.exports = {
+ plugins: [
+ // @see https://www.npmjs.com/package/@cyclonedx/webpack-plugin
+ new CycloneDxWebpackPlugin({
+ outputLocation: '../bom', // The path is relative to webpack's overall output path,
+ includeWellknown: false
+ })
+ ]
+}
diff --git a/package.json b/package.json
index 1d3f3127697..981a8a32d7f 100644
--- a/package.json
+++ b/package.json
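Review bot: The `mergeRules` entry `"externals": "replace"` inside the added `customWebpackConfig` has no visible effect, because `webpack.angular.js` in this commit only contributes `plugins` and defines no `externals`. If it is meant to prepare for a later config, a short comment in the webpack file saying so would help; otherwise dropping the `mergeRules` object and keeping just `"customWebpackConfig": { "path": "./webpack.angular.js" }` leaves the builder's default merge, which is what adds the plugin today. The enclosing `options` object starts and ends outside the hunk.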
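Review bot: The inline comment on `outputLocation` ends in a dangling comma and reads like a sentence cut short; `outputLocation: '../bom', // relative to webpack's output path (dist/frontend), so the BOM lands in dist/bom` would state the intent and tie it to the `frontend/dist/bom/**` entry the Gruntfile now packages. `includeWellknown: false` is likewise unexplained; a one-line comment stating why the plugin's well-known output is disabled (presumably because the BOM is shipped inside the release archive instead) would record the reason for overriding the default. Since this file decides what goes into a security artefact, those two comments are worth the extra lines.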
@@ -57,7 +57,7 @@
 "lint:config": "schema validate -s config.schema.yml",
 "lint:fix": "eslint *.[jt]s data lib models routes test views rsn --fix && cd frontend && ng lint --fix && npx stylelint \"**/*.scss\" --fix && cd ..",
 "package": "grunt package",
- "package:ci": "npm prune --production && npm dedupe && cd frontend && npm prune --legacy-peer-deps --production && cd .. && grunt package",
+ "package:ci": "npm prune --production && npm dedupe && cd frontend && npm prune --legacy-peer-deps --production && cd .. && npm run --silent sbom && grunt package",
 "serve": "concurrently --kill-others \"ts-node app.ts\" \"cd frontend && ng serve\"",
 "serve:dev": "concurrently --kill-others \"ts-node-dev app.ts\" \"cd frontend && ng serve\"",
 "start": "node build/app",
@@ -68,7 +68,10 @@
 "rsn": "ts-node rsn/rsn.ts",
 "rsn:verbose": "ts-node rsn/rsn-verbose.ts",
 "rsn:update": "ts-node rsn/rsn-update.ts",
- "vagrant": "cd vagrant && vagrant up"
+ "vagrant": "cd vagrant && vagrant up",
+ "sbom": "npm run sbom:json && npm run sbom:xml",
+ "sbom:json": "cyclonedx-npm --omit=dev --output-format=JSON --output-file=bom.json",
+ "sbom:xml": " cyclonedx-npm --omit=dev --output-format=XML --output-file=bom.xml"
 },
 "jest": {
 "preset": "ts-jest",
@@ -179,6 +182,7 @@
 "z85": "^0.0.2"
 },
 "devDependencies": {
+ "@cyclonedx/cyclonedx-npm": "^1.12.0",
 "@istanbuljs/nyc-config-typescript": "^1.0.1",
 "@types/chai": "^4.2.14",
 "@types/chai-as-promised": "^7.1.3",
@@ -276,4 +280,4 @@
 "inject"
 ]
 }
-}
+}
\ No newline at end of file
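Review bot: The plain `package` script (`grunt package`) does not run the new `sbom` step while `package:ci` does, so an archive built locally will lack the `bom.json`/`bom.xml` the Gruntfile now lists; `"package": "npm run sbom && grunt package"` would keep both paths consistent. Also worth noting: in both workflows `package:ci` runs after `npm install --production`, so the `@cyclonedx/cyclonedx-npm` devDependency is never installed there and `npm run --silent sbom` relies entirely on the globally installed CLI, which is why its version in the workflow files matters more than the devDependency range.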
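Review bot: The `sbom:xml` script value begins with a stray space (`" cyclonedx-npm …"`), unlike `sbom:json`; the shell ignores it, but it looks like a typo and breaks the symmetry of the two scripts, so `"sbom:xml": "cyclonedx-npm --omit=dev --output-format=XML --output-file=bom.xml"`. Both `--output-file` paths are relative to the working directory, so running `npm run sbom` from the repository root writes exactly the `/bom.json` and `/bom.xml` that the .gitignore change covers; that holds for the `package:ci` call, which does `cd ..` before invoking it.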