diff options
| author | Moss Heim <moss.heim@qt.io> | 2025-11-10 15:28:07 +0100 |
|---|---|---|
| committer | Moss Heim <moss.heim@qt.io> | 2025-12-08 14:50:48 +0000 |
| commit | e606854f39c29ccc0248b81765ef852c8bdb69bc (patch) | |
| tree | 54cb14de195a3fc91fc6f16582b9224f2196a330 | |
| parent | 56e0a40c10f40b1cb8ba95481b837d6b45b439c4 (diff) | |
[sbom] Fix SBOM generation for non-git builds130-based
If git run in src/3rdparty cannot find a "BASELINE: Update Chromium"
commit in the log then SBOM generation would either fail or have faulty
information. Do a check first that this commit is present and
if not, warn and exclude this info.
Fixes: QTBUG-137987
Change-Id: I6fb1db93025fbdfb0686bfcf9125ba1a457dbac1
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/684964
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
(cherry picked from commit 031a10673ee369c84b2db2669fc147adf175a3be)
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/693245
| -rw-r--r-- | chromium/tools/licenses/sbom.py | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/chromium/tools/licenses/sbom.py b/chromium/tools/licenses/sbom.py index fcae6cd4ab4..511ea0e1638 100644 --- a/chromium/tools/licenses/sbom.py +++ b/chromium/tools/licenses/sbom.py @@ -30,6 +30,10 @@ PACKAGES_TO_CLEAN_BAD_URL = [ 'PSM (Private Set Membership) client side', ] +# Command to find the first "Baseline" git commit in src/3rdparty +FIND_BASELINE_COMMIT_GIT_COMMAND = \ + ['git', 'rev-list', '-n1', '--first-parent', '--grep=^BASELINE: Update Chromium', 'HEAD', '--'] + # Hardcoded metadata for GN GN_BASE_METADATA = { 'Id': 'GN', @@ -124,7 +128,7 @@ class ExtendedSpdxJsonWriter(spdx_writer._SPDXJSONWriter): def GetDirectoryRevisionInfo(d): git_rev_list_result = subprocess.check_output( - ['git', 'rev-list', '-n1', '--first-parent', '--grep=BASELINE: Update Chromium', 'HEAD', '--', d], + FIND_BASELINE_COMMIT_GIT_COMMAND + [d], cwd=ROOT, text=True) commit_sha = git_rev_list_result.strip() @@ -139,6 +143,14 @@ def GetDirectoryRevisionInfo(d): comment_text = f'{num_revisions} revision{plural} added by Qt' return comment_text +def IsChromiumSubmoduleGitHistoryAvailable(): + baseline_cmd_result = subprocess.run( + FIND_BASELINE_COMMIT_GIT_COMMAND + ['.'], + cwd=ROOT, + capture_output=True, + encoding='utf-8') + return baseline_cmd_result.returncode == 0 and baseline_cmd_result.stdout.strip() + def GetTargetMetadatas(gn_binary: str, gn_out_dir: str, gn_target: str): optional_keys = list(CHROMIUM_TO_SPDX_KEY.keys()) + ['Short Name', 'CPEPrefix'] @@ -147,6 +159,12 @@ def GetTargetMetadatas(gn_binary: str, gn_out_dir: str, gn_target: str): third_party_dirs = license_tools.FindThirdPartyDeps(gn_binary, gn_out_dir, gn_target, True, 'all') os.chdir(prev_cwd) + # If src/3rdparty is not a git repo, skip adding revision info since it would fail on trying + # to invoke git. + can_include_git_info = IsChromiumSubmoduleGitHistoryAvailable() + if not can_include_git_info: + logger.warning("Could not find git history for '%s', git revision info will be missing" % os.path.join(ROOT, '..')) + metadatas = {} for d in third_party_dirs: if d in DIRECTORIES_TO_SKIP_BECAUSE_THEY_HAVE_VARIOUS_PARSING_ISSUES: @@ -160,7 +178,7 @@ def GetTargetMetadatas(gn_binary: str, gn_out_dir: str, gn_target: str): if not dir_metadata: print("Warning: Parsing '%s' returned nothing" % d) metadatas[d] = dir_metadata - git_revision_info = GetDirectoryRevisionInfo(d) + git_revision_info = GetDirectoryRevisionInfo(d) if can_include_git_info else None for dep_metadata in dir_metadata: num_licenses = len(dep_metadata['License File']) if num_licenses != 1: |