Add calling license check on generated source SBOM

The license check is only called if VERIFY_SOURCE_SBOM is set to ON in the module_config.yaml. This way, a module can turn on the check only when ready. The license check is done via a perl script. Since no perl is available for Windows on ARM64, VERIFY_SOURCE_SBOM is set to OFF in this case. Task-number: QTBUG-131434 Change-Id: I183b7726928bbc925940330d39779a4ac2307254 Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io> (cherry picked from commit 153002f7d2904988efdd8abc68adff0f9927943b) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> (cherry picked from commit 01e5801cec6d444193c97a57faf3008b93f1d1d7) Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2024-11-29 16:34:03 +01:00 · 2024-11-29 16:34:03 +01:00 · 37804d9555
commit 37804d9555
parent 22df2e6715
7 changed files with 127 additions and 30 deletions
--- a/cmake/QtPublicSbomOpsHelpers.cmake
+++ b/cmake/QtPublicSbomOpsHelpers.cmake
@ -499,6 +499,23 @@ function(_qt_internal_sbom_generate_reuse_source_sbom)
    endif()

    set(source_sbom_path "\${QT_SBOM_OUTPUT_PATH_WITHOUT_EXT}.source.spdx")
+    file(TO_CMAKE_PATH "$ENV{QT_QA_LICENSE_TEST_DIR}/$ENV{QT_SOURCE_SBOM_TEST_SCRIPT}"
+        full_path_to_license_test)
+    set(verify_source_sbom "
+            message(STATUS \"Verifying source SBOM ${source_sbom_path} using qtqa tst_licenses.pl ${full_path_to_license_test}\")
+            if(NOT EXISTS \"${full_path_to_license_test}\")
+                message(FATAL_ERROR \"Source SBOM check has failed: The tst_licenses.pl script could not be found at ${full_path_to_license_test}\")
+            endif()
+            execute_process(
+                COMMAND perl \"\$ENV{QT_SOURCE_SBOM_TEST_SCRIPT}\" -sbomonly -sbom \"${source_sbom_path}\"
+                WORKING_DIRECTORY \"\$ENV{QT_QA_LICENSE_TEST_DIR}\"
+                RESULT_VARIABLE res
+                COMMAND_ECHO STDOUT
+            )
+            if(NOT res EQUAL 0)
+                message(FATAL_ERROR \"Source SBOM check has failed: \${res}\")
+            endif()
+")

    set(content "
        message(STATUS \"Generating source SBOM using reuse tool: ${source_sbom_path}\")
@ -508,6 +525,9 @@ function(_qt_internal_sbom_generate_reuse_source_sbom)
            RESULT_VARIABLE res
        )
        ${handle_error}
+        if(\"\$ENV{VERIFY_SOURCE_SBOM}\"  STREQUAL \"ON\")
+            ${verify_source_sbom}
+        endif()
 ")

    file(GENERATE OUTPUT "${file_op}" CONTENT "${content}")
--- a/coin/instructions/coin_module_build_template_v2.yaml
+++ b/coin/instructions/coin_module_build_template_v2.yaml
@ -1,6 +1,7 @@
 type: Group
 instructions:
  - !include "{{qt/qtbase}}/prepare_building_env.yaml"
+  - !include "{{qt/qtbase}}/prepare_source_sbom_check.yaml"
  - type: Group
    instructions:
      - type: Group
--- a/coin/instructions/coin_qtbase_build_template_v2.yaml
+++ b/coin/instructions/coin_qtbase_build_template_v2.yaml
@ -1,6 +1,7 @@
 type: Group
 instructions:
  - !include "{{qt/qtbase}}/prepare_building_env.yaml"
+  - !include "{{qt/qtbase}}/prepare_source_sbom_check.yaml"
  - type: Group
    instructions:
      - !include "{{qt/qtbase}}/cmake_qtbase_build_instructions.yaml"
--- a/coin/instructions/prepare_license_test.yaml
+++ b/coin/instructions/prepare_license_test.yaml
@ -0,0 +1,47 @@
+type: Group
+instructions:
+    - type: ChangeDirectory
+      directory: "{{.AgentWorkingDir}}"
+    - type: EnvironmentVariable
+      variableName: QTQA_LICHECK_BRANCH
+      variableValue: "{{ slice .Env.TESTED_MODULE_BRANCH_COIN 5 }}"
+      enable_if:
+        condition: runtime
+        env_var: TESTED_MODULE_BRANCH_COIN
+        contains_value: "tqtc/"
+    - type: EnvironmentVariable
+      variableName: QTQA_LICHECK_BRANCH
+      variableValue: "{{ .Env.TESTED_MODULE_BRANCH_COIN }}"
+      disable_if:
+        condition: runtime
+        env_var: TESTED_MODULE_BRANCH_COIN
+        contains_value: "tqtc/"
+
+    # The command must not have whitespace directly after any piping,
+    # as whitespace directly after pipes will be interpreted as part of the command.
+    - type: ExecuteCommand
+      command: ["bash", "-c", "git clone --depth=1 -b {{ .Env.QTQA_LICHECK_BRANCH }} git://{{.Env.QT_COIN_GIT_DAEMON}}/qt-project/qt/qtqa qt/qtqa-latest ||git clone --depth=1 -b dev git://{{.Env.QT_COIN_GIT_DAEMON}}/qt-project/qt/qtqa qt/qtqa-latest"]
+      maxTimeInSeconds: 600
+      maxTimeBetweenOutput: 600
+      userMessageOnFailure: >
+              Failed to clone qtqa sources. Please investigate why.
+      disable_if:
+        condition: property
+        property: host.os
+        equals_value: Windows
+    - type: ExecuteCommand
+      command: ["cmd.exe", "/C", "git clone --depth=1 -b {{ .Env.QTQA_LICHECK_BRANCH }} git://{{.Env.QT_COIN_GIT_DAEMON}}/qt-project/qt/qtqa qt/qtqa-latest ||git clone --depth=1 -b dev git://{{.Env.QT_COIN_GIT_DAEMON}}/qt-project/qt/qtqa qt/qtqa-latest"]
+      executeCommandArgumentSplitingBehavior: SplitAfterVariableSubstitution
+      maxTimeInSeconds: 600
+      maxTimeBetweenOutput: 600
+      userMessageOnFailure: >
+            Failed to clone qtqa sources. Please investigate why.
+      enable_if:
+        condition: property
+        property: host.os
+        equals_value: Windows
+    - type: EnvironmentVariable
+      variableName: QT_MODULE_TO_TEST
+      variableValue: "{{.SourceDir}}"
+      userMessageOnFailure: >
+              Failed to set QT_MODULE_TO_TEST environment variable. This should not happen.
--- a/coin/instructions/prepare_source_sbom_check.yaml
+++ b/coin/instructions/prepare_source_sbom_check.yaml
@ -0,0 +1,52 @@
+type: Group
+instructions:
+    # need qemu toolchains update to have perl script verifying source SBOM
+    - type: Group
+      instructions:
+        - type: EnvironmentVariable
+          variableName: VERIFY_SOURCE_SBOM
+          variableValue: "OFF"
+      enable_if:
+        condition: and
+        conditions:
+        - condition: property
+          property: host.os
+          equals_value: Linux
+        - condition: property
+          property: target.arch
+          equals_value: MIPS64
+    - type: Group
+      instructions:
+        - type: EnvironmentVariable
+          variableName: VERIFY_SOURCE_SBOM
+          variableValue: "OFF"
+      enable_if:
+        condition: and
+        conditions:
+        - condition: property
+          property: host.os
+          equals_value: Windows
+        - condition: property
+          property: target.arch
+          equals_value: AARCH64
+    - type: Group
+      instructions:
+        - !include "{{qt/qtbase}}/prepare_license_test.yaml"
+        - type: Group
+          instructions:
+            - type: EnvironmentVariable
+              variableName: QT_QA_LICENSE_TEST_DIR
+              variableValue: "{{.AgentWorkingDir}}"
+            - type: EnvironmentVariable
+              variableName: QT_SOURCE_SBOM_TEST_SCRIPT
+              variableValue: "qt{{.Env.CI_PATH_SEP}}qtqa-latest{{.Env.CI_PATH_SEP}}tests{{.Env.CI_PATH_SEP}}prebuild{{.Env.CI_PATH_SEP}}license{{.Env.CI_PATH_SEP}}tst_licenses.pl"
+              userMessageOnFailure: >
+                Failed to set QT_SOURCE_SBOM_TEST_SCRIPT environment variable. This should not happen.
+      enable_if:
+        condition: property
+        property: features
+        contains_value: GenerateSBOM
+
+
+
+
--- a/coin/instructions/run_license_check.yaml
+++ b/coin/instructions/run_license_check.yaml
@ -1,35 +1,6 @@
 type: Group
 instructions:
-    - type: ChangeDirectory
-      directory: "{{.AgentWorkingDir}}"
-    - type: EnvironmentVariable
-      variableName: QTQA_LICHECK_BRANCH
-      variableValue: "{{ slice .Env.TESTED_MODULE_BRANCH_COIN 5 }}"
-      enable_if:
-        condition: runtime
-        env_var: TESTED_MODULE_BRANCH_COIN
-        contains_value: "tqtc/"
-    - type: EnvironmentVariable
-      variableName: QTQA_LICHECK_BRANCH
-      variableValue: "{{ .Env.TESTED_MODULE_BRANCH_COIN }}"
-      disable_if:
-        condition: runtime
-        env_var: TESTED_MODULE_BRANCH_COIN
-        contains_value: "tqtc/"
-
-    # The command must not have whitespace directly after any piping,
-    # as whitespace directly after pipes will be interpreted as part of the command.
-    - type: ExecuteCommand
-      command: ["bash", "-c", "git clone --depth=1 -b {{ .Env.QTQA_LICHECK_BRANCH }} git://{{.Env.QT_COIN_GIT_DAEMON}}/qt-project/qt/qtqa qt/qtqa-latest ||git clone --depth=1 -b dev git://{{.Env.QT_COIN_GIT_DAEMON}}/qt-project/qt/qtqa qt/qtqa-latest"]
-      maxTimeInSeconds: 600
-      maxTimeBetweenOutput: 600
-      userMessageOnFailure: >
-              Failed to clone qtqa sources. Please investigate why.
-    - type: EnvironmentVariable
-      variableName: QT_MODULE_TO_TEST
-      variableValue: "{{.SourceDir}}"
-      userMessageOnFailure: >
-              Failed to set QT_MODULE_TO_TEST environment variable. This should not happen.
+    - !include "{{qt/qtbase}}/prepare_license_test.yaml"
    - type: ExecuteCommand
      command: perl qt/qtqa-latest/tests/prebuild/license/tst_licenses.pl
      maxTimeInSeconds: 7200
--- a/coin/module_config.yaml
+++ b/coin/module_config.yaml
@ -12,7 +12,12 @@ machine_type:
    cores: 4

 instructions:
+
  Build:
+    # to be turned on when the module source SBOM pass the license check
+    - type: EnvironmentVariable
+      variableName: VERIFY_SOURCE_SBOM
+      variableValue: "OFF"
    - !include "{{qt/qtbase}}/coin_qtbase_build_template_v2.yaml"

  Test: