CMake: Add function to set up SBOM generation defaults

Move the setting up of options like QT_GENERATE_SBOM into a separate function, that can be called by projects other than Qt. Pick-to: 6.8 6.9 Task-number: QTBUG-122899 Change-Id: I337c4e9b0b3154ff97f494887bf88ee01e8ed00c Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
2025-02-27 16:53:23 +01:00 · 2025-02-27 16:53:23 +01:00 · dc5c7f9ead
commit dc5c7f9ead
parent cf9f09cd60
2 changed files with 43 additions and 11 deletions
--- a/cmake/QtBuildOptionsHelpers.cmake
+++ b/cmake/QtBuildOptionsHelpers.cmake
@ -344,17 +344,9 @@ endfunction()
 macro(qt_internal_setup_sbom)
    qt_internal_compute_sbom_default(_qt_generate_sbom_default)

-    option(QT_GENERATE_SBOM "Generate SBOM documents in SPDX v2.3 tag:value format."
-        "${_qt_generate_sbom_default}")
-
-    option(QT_SBOM_GENERATE_JSON
-        "Generate SBOM documents in SPDX v2.3 JSON format if dependencies are available" ON)
-    option(QT_SBOM_REQUIRE_GENERATE_JSON
-        "Error out if JSON SBOM generation dependencies are not found." OFF)
-
-    option(QT_SBOM_VERIFY "Verify generated SBOM documents." ON)
-    option(QT_SBOM_REQUIRE_VERIFY
-        "Error out if SBOM verification dependencies are not found." OFF)
+    _qt_internal_setup_sbom(
+        GENERATE_SBOM_DEFAULT "${_qt_generate_sbom_default}"
+    )
 endmacro()

 macro(qt_internal_setup_build_examples)
--- a/cmake/QtPublicSbomHelpers.cmake
+++ b/cmake/QtPublicSbomHelpers.cmake
@ -346,6 +346,46 @@ function(_qt_internal_sbom_setup_project_ops)
    _qt_internal_sbom_setup_project_ops_generation(${options})
 endfunction()

+# Sets up SBOM generation and verification options.
+# By default SBOM generation is disabled.
+# By default JSON generation and SBOM verification are enabled by default, if the dependencies
+# are present, otherwise they will be silently skipped. Unless the user explicitly requests to
+# fail the build if the dependencies are not found.
+#
+# The QT_GENERATE_SBOM_DEFAULT option can be set by a project to change the default value.
+function(_qt_internal_setup_sbom)
+    set(opt_args "")
+    set(single_args
+        GENERATE_SBOM_DEFAULT
+    )
+    set(multi_args "")
+
+    cmake_parse_arguments(PARSE_ARGV 0 arg "${opt_args}" "${single_args}" "${multi_args}")
+    _qt_internal_validate_all_args_are_parsed(arg)
+
+    set(default_value "OFF")
+    if(NOT "${arg_GENERATE_SBOM_DEFAULT}" STREQUAL "")
+        set(default_value "${arg_GENERATE_SBOM_DEFAULT}")
+    endif()
+
+    option(QT_GENERATE_SBOM "Generate SBOM documents in SPDX v2.3 tag:value format."
+        "${default_value}")
+
+    string(CONCAT help_string
+        "Generate SBOM documents in SPDX v2.3 JSON format if required python dependency "
+        "spdx-tools is available"
+    )
+
+    option(QT_SBOM_GENERATE_JSON
+        "${help_string}" ON)
+    option(QT_SBOM_REQUIRE_GENERATE_JSON
+        "Error out if JSON SBOM generation depdendency is not found." OFF)
+
+    option(QT_SBOM_VERIFY "Verify generated SBOM documents using python spdx-tools package." ON)
+    option(QT_SBOM_REQUIRE_VERIFY
+        "Error out if SBOM verification dependencies are not found." OFF)
+endfunction()
+
 # Ends repo sbom project generation.
 # Should be called after all relevant targets are added to the sbom.
 # Handles registering sbom info for recorded system libraries and then creates the sbom build