Fix SBOM behavior on forks (#4686)

* Use a YAML template for inserting sbom steps * Review feedback: naming * Tab * Ensure SBOM path exists
2023-06-02 16:07:22 -07:00 · 2023-06-02 16:07:22 -07:00 · b89e2f79d0
commit b89e2f79d0
parent e05c92c484
3 changed files with 24 additions and 22 deletions
--- a/eng/pipelines/templates/jobs/archetype-sdk-client.yml
+++ b/eng/pipelines/templates/jobs/archetype-sdk-client.yml
@ -309,14 +309,4 @@ jobs:

        - template: /eng/common/pipelines/templates/steps/eng-common-workflow-enforcer.yml

-        - ${{if eq(variables['System.TeamProject'], 'internal') }}:
-          - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-            displayName: 'Generate BOM'
-            condition: succeededOrFailed()
-            inputs:
-              BuildDropPath: $(Build.SourcesDirectory)/build
-
-          - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
-            parameters:
-              ArtifactPath: '$(Build.SourcesDirectory)/build/_manifest'
-              ArtifactName: 'release_artifact_manifest'
+        - template: /eng/pipelines/templates/steps/generate-and-publish-sbom.yml
--- a/eng/pipelines/templates/jobs/ci.tests.yml
+++ b/eng/pipelines/templates/jobs/ci.tests.yml
@ -329,14 +329,6 @@ jobs:
        displayName: Set bom file artifact name
        condition: succeededOrFailed()

-      - ${{if eq(variables['System.TeamProject'], 'internal') }}:
-        - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
-          displayName: 'Generate BOM'
-          condition: succeededOrFailed()
-          inputs:
-            BuildDropPath: $(Build.ArtifactStagingDirectory)
-
-        - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
-          parameters:
-            ArtifactPath: '$(Build.ArtifactStagingDirectory)/_manifest'
-            ArtifactName: 'bom_manifest_$(BomArtifactName)'
+      - template: /eng/pipelines/templates/steps/generate-and-publish-sbom.yml
+        parameters:
+          BomArtifactName: $(BomArtifactName)
--- a/eng/pipelines/templates/steps/generate-and-publish-sbom.yml
+++ b/eng/pipelines/templates/steps/generate-and-publish-sbom.yml
@ -0,0 +1,20 @@
+parameters:
+  BuildDropPath: $(Build.ArtifactStagingDirectory)/sbom
+  BomArtifactName: release_artifact_manifest
+
+steps:
+  - ${{if and(eq(variables['System.TeamProject'], 'internal'), ne(variables['Build.Reason'], 'PullRequest')) }}:
+
+    - pwsh: New-Item -ItemType Directory -Path '${{ parameters.BuildDropPath }}' -Force
+      displayName: Ensure SBOM build drop path exists
+
+    - task: AzureArtifacts.manifest-generator-task.manifest-generator-task.ManifestGeneratorTask@0
+      displayName: 'Generate BOM'
+      condition: succeededOrFailed()
+      inputs:
+        BuildDropPath: ${{ parameters.BuildDropPath }}
+
+    - template: /eng/common/pipelines/templates/steps/publish-artifact.yml
+      parameters:
+        ArtifactPath: ${{ parameters.BuildDropPath }}/_manifest
+        ArtifactName: ${{ parameters.BomArtifactName }}