This is an automated email from the ASF dual-hosted git repository.
bodewig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ant-antlibs-props.git
The following commit(s) were added to refs/heads/master by this push:
new 815da33 add SBOM generation
815da33 is described below
commit 815da33ce84cd32c8cb1f6c2105d3c3fce861a41
Author: Stefan Bodewig <[email protected]>
AuthorDate: Fri Jun 19 08:23:58 2026 +0200
add SBOM generation
---
.gitignore | 1 +
build.xml | 12 +++
cyclonedx.xml | 322 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 335 insertions(+)
diff --git a/.gitignore b/.gitignore
index 4a4a0ea..faa00e1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
/ivy/
/lib/
/target/
+/distribution/
diff --git a/build.xml b/build.xml
index 14e0e50..82f3753 100644
--- a/build.xml
+++ b/build.xml
@@ -22,5 +22,17 @@ under the License.
<!-- easy way to override properties -->
<property file="build.properties"/>
+ <target name="ready-for-bin-dist"
depends="create-antlib-sbom,common.ready-for-bin-dist">
+ <resources id="additional-bin-patterns">
+ <fileset dir="${build.lib}">
+ <include name="${artifact.stub}-cyclonedx*"/>
+ </fileset>
+ </resources>
+ </target>
+
+ <target name="after-src-dist" depends="src-sboms"/>
+ <target name="after-bin-dist" depends="bin-sboms"/>
+
<import file="common/build.xml"/>
+ <import file="cyclonedx.xml"/>
</project>
diff --git a/cyclonedx.xml b/cyclonedx.xml
new file mode 100644
index 0000000..66650ab
--- /dev/null
+++ b/cyclonedx.xml
@@ -0,0 +1,322 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<project name="cyclonedx" xmlns:ivy="antlib:org.apache.ivy.ant">
+
+ <target name="define-cyclonedx-components" depends="fetch-cyclonedx">
+ <!-- common definitions for SBOMs -->
+ <cdx:organization
+ name="Apache Ant Project Management Committee"
+ id="ant-pmc"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://ant.apache.org/"/>
+ </cdx:organization>
+ <cdx:license
+ licenseId="Apache-2.0"
+ id="apache-2"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://www.apache.org/licenses/LICENSE-2.0.txt"/>
+ </cdx:license>
+ <cdx:externalreferenceset
+ id="ant-common-refs"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <externalReference
+ type="LICENSE"
+ url="https://www.apache.org/licenses/LICENSE-2.0.txt"/>
+ <externalReference
+ type="MAILING_LIST"
+ url="https://ant.apache.org/mail.html"/>
+ <externalReference
+ type="SECURITY_CONTACT"
+ url="https://www.apache.org/security/"/>
+ <externalReference
+ type="rfc-9116"
+ url="https://ant.apache.org/.well-known/security.txt"/>
+ </cdx:externalreferenceset>
+ <cdx:externalreferenceset
+ id="antlib-ext-refs"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <externalReference
+ type="VCS"
+ url="https://gitbox.apache.org/repos/asf/ant-antlibs-props.git"/>
+ <externalReference
+ type="BUILD_SYSTEM"
+ url="https://ci-builds.apache.org/job/Ant/job/AntLib-props/"/>
+ <externalReference
+ type="ISSUE_TRACKER"
+
url="https://bz.apache.org/bugzilla/buglist.cgi?component=Props+Antlib&product=Ant"/>
+ <externalReference
+ type="WEBSITE"
+ url="https://ant.apache.org/antlibs/props/"/>
+ <externalReference
+ type="DISTRIBUTION"
+ url="https://ant.apache.org/antlibs/bindownload.cgi"/>
+ <externalReference
+ type="SOURCE_DISTRIBUTION"
+ url="https://ant.apache.org/antlibs/srcdownload.cgi"/>
+ </cdx:externalreferenceset>
+ <cdx:externalreferenceset
+ id="ant-ext-refs"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <externalReference
+ type="VCS"
+ url="https://gitbox.apache.org/repos/asf/ant.git"/>
+ <externalReference
+ type="BUILD_SYSTEM"
+ url="https://ci-builds.apache.org/job/Ant/"/>
+ <externalReference
+ type="ISSUE_TRACKER"
+ url="https://bz.apache.org/bugzilla/buglist.cgi?product=Ant"/>
+ <externalReference
+ type="WEBSITE"
+ url="https://ant.apache.org/"/>
+ <externalReference
+ type="ADVISORIES"
+
url="https://ant.apache.org/security.html#Apache%20Ant%20Security%20Vulnerabilities"/>
+ <externalReference
+ type="DOCUMENTATION"
+ url="https://ant.apache.org/manual/"/>
+ <externalReference
+ type="DISTRIBUTION"
+ url="https://ant.apache.org/bindownload.cgi"/>
+ <externalReference
+ type="SOURCE_DISTRIBUTION"
+ url="https://ant.apache.org/srcdownload.cgi"/>
+ <externalReference
+ type="RELEASE_NOTES"
+ url="https://github.com/apache/ant/blob/master/WHATSNEW"/>
+ </cdx:externalreferenceset>
+ </target>
+
+ <target name="create-antlib-sbom"
depends="define-cyclonedx-components,antlib">
+ <uptodate property="antlib-sbom-ok"
+ targetfile="${build.lib}/${artifact.stub}-cyclonedx.json">
+ <srcresources>
+ <file file="${jarname}"/>
+ <file file="ivy.xml"/>
+ <file file="cyclonedx.xml"/>
+ </srcresources>
+ </uptodate>
+ <cdx:componentbom
+ bomName="${artifact.stub}-cyclonedx"
+ outputdirectory="${build.lib}"
+ format="all"
+ useComponentSupplier="true"
+ useComponentManufacturer="true"
+ unless:set="antlib-sbom-ok"
+ xmlns:unless="ant:unless"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <component
+ name="${artifact.name}"
+ group="org.apache.ant"
+ version="${artifact.version}"
+ description="Apache Props Antlib"
+ publisher="The Apache Software Foundation"
+ supplierIsManufacturer="true">
+ <file file="${jarname}"/>
+ <supplier refid="ant-pmc"/>
+ <license refid="apache-2"/>
+ <externalReferenceSet refid="ant-common-refs"/>
+ <externalReferenceSet refid="antlib-ext-refs"/>
+ <dependency componentRef="ant"/>
+ </component>
+ <additionalComponent
+ name="ant"
+ group="org.apache.ant"
+ version="1.8.0"
+ isExternal="true"
+ id="ant">
+ <supplier refid="ant-pmc"/>
+ <license refid="apache-2"/>
+ <externalReferenceSet refid="ant-common-refs"/>
+ <externalReferenceSet refid="ant-ext-refs"/>
+ <dependency componentRef="ant-launcher"/>
+ </additionalComponent>
+ <additionalComponent
+ name="ant-launcher"
+ group="org.apache.ant"
+ version="1.8.0"
+ isExternal="true"
+ id="ant-launcher">
+ <supplier refid="ant-pmc"/>
+ <license refid="apache-2"/>
+ <externalReferenceSet refid="ant-common-refs"/>
+ <externalReferenceSet refid="ant-ext-refs"/>
+ </additionalComponent>
+ <license refid="apache-2"/>
+ </cdx:componentbom>
+ </target>
+
+ <target name="after-dist" depends="define-cyclonedx-components">
+ <macrodef name="distributionbom" backtrace="false">
+ <attribute name="version"/>
+ <attribute name="archiveName"/>
+ <attribute name="archiveUrl"/>
+ <attribute name="archiveLocation" default=""/>
+ <attribute name="outputDirectory"/>
+ <attribute name="description"/>
+ <attribute name="publisher"/>
+ <attribute name="componentType" default="file"/>
+ <attribute name="format" default="all"/>
+ <attribute name="useComponentManufacturer" default="true"/>
+ <attribute name="useComponentSupplier" default="true"/>
+ <attribute name="supplierIsManufacturer" default="true"/>
+ <element name="archiveContent"/>
+ <element name="componentChildren" optional="true"/>
+ <element name="additionalBomContent" optional="true"/>
+ <sequential
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <cdx:componentbom
+ bomName="@{archiveName}.cyclonedx"
+ outputdirectory="@{outputDirectory}"
+ format="@{format}"
+ useComponentManufacturer="@{useComponentManufacturer}"
+ useComponentSupplier="@{useComponentSupplier}">
+ <component
+ version="@{version}"
+ purl="@{archiveUrl}"
+ name="@{archiveUrl}"
+ description="@{description}"
+ publisher="@{publisher}"
+ type="@{componentType}"
+ supplierIsManufacturer="@{supplierIsManufacturer}">
+ <file file="@{archiveLocation}"
+ unless:blank="@{archiveLocation}" xmlns:unless="ant:unless"/>
+ <componentChildren/>
+ </component>
+ <pureFileComponents>
+ <archiveContent/>
+ </pureFileComponents>
+ <additionalBomContent/>
+ </cdx:componentbom>
+ </sequential>
+ </macrodef>
+ <macrodef name="create-tarball-bom">
+ <attribute name="distdir"/>
+ <attribute name="distbase"/>
+ <attribute name="subdir"/>
+ <attribute name="binsrc"/>
+ <attribute name="binarysource"/>
+ <attribute name="ext"/>
+ <element name="moreComponentChildren" implicit="true" optional="true"/>
+ <sequential>
+ <distributionbom
+ outputdirectory="@{distbase}"
+ version="${artifact.version}"
+ archiveName="${dist.name}-@{binsrc}.@{ext}"
+
archiveUrl="https://archive.apache.org/dist/ant/antlibs/props/@{subdir}/${dist.name}-@{binsrc}.@{ext}";
+ archiveLocation="@{distbase}/${dist.name}-@{binsrc}.@{ext}"
+ description="Apache Props Antlib @{binarysource}"
+ publisher="The Apache Software Foundation"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <componentChildren>
+ <supplier refid="ant-pmc"/>
+ <license refid="apache-2"/>
+ <externalReferenceSet refid="ant-common-refs"/>
+ <externalReferenceSet refid="antlib-ext-refs"/>
+ <moreComponentChildren/>
+ </componentChildren>
+ <archiveContent>
+ <fileset dir="@{distdir}/..">
+ <include name="${dist.name}/**"/>
+ </fileset>
+ </archiveContent>
+ <additionalBomContent>
+ <license refid="apache-2"/>
+ </additionalBomContent>
+ </distributionbom>
+ </sequential>
+ </macrodef>
+ <macrodef name="create-tarball-boms">
+ <attribute name="distdir"/>
+ <attribute name="distbase"/>
+ <attribute name="subdir"/>
+ <attribute name="binsrc"/>
+ <attribute name="binarysource"/>
+ <element name="componentChildren" implicit="true" optional="true"/>
+ <sequential>
+ <create-tarball-bom
+ distdir="@{distdir}"
+ distbase="@{distbase}"
+ subdir="@{subdir}"
+ binsrc="@{binsrc}"
+ binarysource="@{binarysource}"
+ ext="tar.gz">
+ <componentChildren/>
+ </create-tarball-bom>
+ <create-tarball-bom
+ distdir="@{distdir}"
+ distbase="@{distbase}"
+ subdir="@{subdir}"
+ binsrc="@{binsrc}"
+ binarysource="@{binarysource}"
+ ext="tar.bz2">
+ <componentChildren/>
+ </create-tarball-bom>
+ <create-tarball-bom
+ distdir="@{distdir}"
+ distbase="@{distbase}"
+ subdir="@{subdir}"
+ binsrc="@{binsrc}"
+ binarysource="@{binarysource}"
+ ext="zip">
+ <componentChildren/>
+ </create-tarball-bom>
+ </sequential>
+ </macrodef>
+ </target>
+
+ <target name="src-sboms" depends="after-dist">
+ <create-tarball-boms
+ distdir="${src.dist.dir}"
+ distbase="${dist.base}"
+ subdir="source"
+ binsrc="src"
+ binarysource="Source Distribution"/>
+ </target>
+
+ <target name="bin-sboms" depends="after-dist">
+ <create-tarball-boms
+ distdir="${bin.dist.dir}"
+ distbase="${dist.base}"
+ subdir="binaries"
+ binsrc="bin"
+ binarysource="Binary Distribution">
+ <component>
+ <sbomLink>
+ <file file="${bin.dist.dir}/${artifact.stub}-cyclonedx.json"/>
+ </sbomLink>
+ <file file="${bin.dist.dir}/${artifact.stub}.jar"/>
+ </component>
+ </create-tarball-boms>
+ </target>
+
+ <target name="fetch-cyclonedx" depends="resolve" if="with.ivy">
+ <ivy:cachepath organisation="org.apache.ant"
+ module="ant-cyclonedx"
+ revision="0.1"
+ inline="true"
+ conf="default"
+ pathid="cyclonedx.classpath"
+ log="download-only"/>
+ <typedef uri="antlib:org.apache.ant.cyclonedx"
+ resource="org/apache/ant/cyclonedx/antlib.xml"
+ classpathref="cyclonedx.classpath"/>
+ </target>
+</project>
