Merged
12 changes: 12 additions & 0 deletions app/build.gradle.kts
Expand Up @@ -26,6 +26,7 @@ plugins {
alias(libs.plugins.crashlytics)
alias(libs.plugins.baselineprofile)
id("com.google.android.gms.oss-licenses-plugin")
id("org.spdx.sbom") version "0.9.0"
}

android {
Expand Down Expand Up @@ -99,6 +100,16 @@ baselineProfile() {
dexLayoutOptimization = true
}

spdxSbom {
targets {
// create a target named "release",
// this is used for the task name (spdxSbomForRelease)
// and output file (release.spdx.json)
create("release") {
configurations.set(listOf("releaseRuntimeClasspath"))
}
}
}
dependencies {
debugImplementation(libs.leakcanary.android)
implementation(libs.androidx.app.startup)
Expand Down Expand Up @@ -155,3 +166,4 @@ androidComponents {
variantBuilder.enableAndroidTest = false
}
}

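Review bot: The SPDX plugin is declared with an inline version, `id("org.spdx.sbom") version "0.9.0"`, while the crashlytics and baselineprofile plugins just above it in the `plugins` block come from the version catalog via `alias(libs.plugins.…)`. A Gradle plugin runs code inside the release build, so its version is better pinned and bumped in the same reviewed place as the others; I would add a catalog entry and write something like `alias(libs.plugins.spdx.sbom)` (the alias name is a suggestion, not an existing entry). The `release` target lists only `releaseRuntimeClasspath`, so the SBOM presumably does not describe build-time plugins or tooling, and a comment in `spdxSbom` such as `// Scope: runtime dependencies of the release variant only` would tell consumers what the file covers. The `plugins` block starts outside the hunk.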
35 changes: 22 additions & 13 deletions build.sh
Expand Up @@ -95,7 +95,7 @@ echo "INFO: Cleaning the project..."

# Build the production release bundle without generating a baseline profile.
echo "INFO: Building the production release bundle..."
./gradlew app:bundleRelease -x test -Pandroid.sdk.path=$ANDROID_HOME -PCI_BUILD=true
./gradlew app:bundleRelease app:spdxSbomForRelease -x test -Pandroid.sdk.path=$ANDROID_HOME -PCI_BUILD=true

# --- Artifact Collection ---
echo "INFO: Preparing artifacts for Kokoro..."
Expand All @@ -116,17 +116,26 @@ if [[ -f "$AAB_PATH" ]]; then
cp "${AAB_PATH}" "${ARTIFACT_DEST_DIR}/app-release-unsigned.aab"
echo "SUCCESS: AAB copied to ${ARTIFACT_DEST_DIR}"

# Copy any .intointo.jsonl files to the artifact directory
echo "INFO: Searching for and copying .intointo.jsonl files..."
ls
echo "INFO: Logging output directory contents"
ls "$AAB_SRC_DIR/"
find . -type f -name "*.intointo.jsonl" -print0 | xargs -0 -I {} cp {} "${ARTIFACT_DEST_DIR}/"
echo "INFO: Finished copying .intointo.jsonl files."
# Find and list the files before copying
# Store the find results in a variable to avoid running find twice
# and to handle the case where no files are found gracefully.
intoto_files=$(find . -type f -name "*.intoto.jsonl")

if [ -n "$intoto_files" ]; then
echo "INFO: Found the following .intoto.jsonl files:"
echo "$intoto_files" # This will list each file on a new line
echo "INFO: Copying .intoto.jsonl files to ${ARTIFACT_DEST_DIR}/"
# Use print0 and xargs -0 for safe handling of filenames with spaces or special characters
find . -type f -name "*.intoto.jsonl" -print0 | xargs -0 -I {} cp {} "${ARTIFACT_DEST_DIR}/"
else
echo "INFO: No .intoto.jsonl files found."
fi

else
echo "FAILURE: AAB not found at ${AAB_PATH}"
# Optionally fail the build: exit 1
fi
echo "INFO: Copying SPDX SBOM..."
# The output file from app:spdxSbomForRelease is build/spdx/release.spdx.json
cp app/build/spdx/release.spdx.json "${KOKORO_ARTIFACTS_DIR}/artifacts/app-release.spdx.json"

exit 0
else
echo "FAILURE: AAB not found at ${AAB_PATH}"
exit 1
fi
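Review bot: The new `cp app/build/spdx/release.spdx.json …` is unchecked and is followed directly by `exit 0`, so unless the script runs under `set -e` (not visible in this hunk) a missing SBOM still gives a green build that publishes the AAB without it. Guard the copy, e.g. `cp app/build/spdx/release.spdx.json "${ARTIFACT_DEST_DIR}/app-release.spdx.json" || { echo "FAILURE: SBOM not copied"; exit 1; }`, which also reuses `ARTIFACT_DEST_DIR` instead of rebuilding the path from `KOKORO_ARTIFACTS_DIR`, assuming the two name the same directory (the definition is outside the hunk). The same unchecked copy is added in build_presubmit.sh. The comment above the copy gives the path as `build/spdx/release.spdx.json` while the command uses `app/build/spdx/…`; the comment should state the path relative to the repository root.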
29 changes: 20 additions & 9 deletions build_presubmit.sh
Expand Up @@ -96,7 +96,7 @@ echo "INFO: Cleaning the project..."

# Build the production release bundle without generating a baseline profile.
echo "INFO: Building the production release bundle..."
./gradlew app:bundleRelease -x test -x uploadCrashlyticsMappingFileRelease -Pandroid.sdk.path=$ANDROID_HOME -PCI_BUILD=true
./gradlew app:bundleRelease app:spdxSbomForRelease -x test -x uploadCrashlyticsMappingFileRelease -Pandroid.sdk.path=$ANDROID_HOME -PCI_BUILD=true

# --- Artifact Collection ---
echo "INFO: Preparing artifacts for Kokoro..."
Expand All @@ -117,17 +117,28 @@ if [[ -f "$AAB_PATH" ]]; then
cp "${AAB_PATH}" "${ARTIFACT_DEST_DIR}/app-release-unsigned.aab"
echo "SUCCESS: AAB copied to ${ARTIFACT_DEST_DIR}"

# Copy any .intointo.jsonl files to the artifact directory
echo "INFO: Searching for and copying .intointo.jsonl files..."
ls
echo "INFO: Logging output directory contents"
ls "$AAB_SRC_DIR/"
find . -type f -name "*.intointo.jsonl" -print0 | xargs -0 -I {} cp {} "${ARTIFACT_DEST_DIR}/"
echo "INFO: Finished copying .intointo.jsonl files."
# Find and list the files before copying
# Store the find results in a variable to avoid running find twice
# and to handle the case where no files are found gracefully.
intoto_files=$(find . -type f -name "*.intoto.jsonl")

if [ -n "$intoto_files" ]; then
echo "INFO: Found the following .intoto.jsonl files:"
echo "$intoto_files" # This will list each file on a new line
echo "INFO: Copying .intoto.jsonl files to ${ARTIFACT_DEST_DIR}/"
# Use print0 and xargs -0 for safe handling of filenames with spaces or special characters
find . -type f -name "*.intoto.jsonl" -print0 | xargs -0 -I {} cp {} "${ARTIFACT_DEST_DIR}/"
else
echo "INFO: No .intoto.jsonl files found."
fi

echo "INFO: Copying SPDX SBOM..."
# The output file from app:spdxSbomForRelease is build/spdx/release.spdx.json
cp app/build/spdx/release.spdx.json "${KOKORO_ARTIFACTS_DIR}/artifacts/app-release.spdx.json"

else
echo "FAILURE: AAB not found at ${AAB_PATH}"
# Optionally fail the build: exit 1
exit 1
fi

exit 0
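Review bot: The comment "Store the find results in a variable to avoid running find twice" does not match the code, which runs `find . -type f -name "*.intoto.jsonl"` a second time for the copy. More importantly, the search starts at `.` and the copy flattens every match into `${ARTIFACT_DEST_DIR}/`, so two provenance files with the same basename overwrite each other silently, and any stray `.intoto.jsonl` in the workspace, not only the one for this AAB, is published as an attestation. I would restrict the search to the directory the attestation is expected in, e.g. `find "$AAB_SRC_DIR" -maxdepth 1 -type f -name "*.intoto.jsonl"` if that is where it is written, and reword the comment to `# List matches first so the log shows exactly what is copied`. build.sh has the same block.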
1 change: 1 addition & 0 deletions kokoro/gcp_ubuntu_docker/continuous.cfg
Expand Up @@ -4,6 +4,7 @@ action {
define_artifacts {
regex: "artifacts/**.aab"
regex: "artifacts/**.intoto.jsonl"
sbom_regex: "artifacts/app-release.spdx.json"
# Optional: Removes the "artifacts/" part from the path in the artifact storage
strip_prefix: "artifacts"
fail_if_no_artifacts: true
2 changes: 1 addition & 1 deletion kokoro/gcp_ubuntu_docker/presubmit.cfg
Expand Up @@ -4,7 +4,7 @@ action {
define_artifacts {
regex: "artifacts/**.aab"
regex: "artifacts/**.intoto.jsonl"

sbom_regex: "artifacts/app-release.spdx.json"
# Optional: Removes the "artifacts/" part from the path in the artifact storage
strip_prefix: "artifacts"
fail_if_no_artifacts: true
1 change: 1 addition & 0 deletions kokoro/gcp_ubuntu_docker/release.cfg
Expand Up @@ -4,6 +4,7 @@ action {
define_artifacts {
regex: "artifacts/**.aab"
regex: "artifacts/**.intoto.jsonl"
sbom_regex: "artifacts/app-release.spdx.json"

# Optional: Removes the "artifacts/" part from the path in the artifact storage
strip_prefix: "artifacts"