Skip to content

CLOUDP-334949: Remove scripts and update documentation about SSDL process #2820

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

CLOUDP-334949: Remove scripts and update documentation about SSDL process #2820

wants to merge 1 commit into from

Conversation

@helderjs
Copy link
Collaborator

Summary

Proof of Work

Checklist

  • Have you linked a jira ticket and/or is the ticket in the title?
  • Have you checked whether your jira ticket required DOCSP changes?
  • Have you checked for release_note changes?
  • Have you signed our CLA?

Reminder (Please remove this when merging)

  • Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible
  • Remember the following Communication Standards - use comment prefixes for clarity:
    • blocking: Must be addressed before approval.
    • follow-up: Can be addressed in a later PR or ticket.
    • q: Clarifying question.
    • nit: Non-blocking suggestions.
    • note: Side-note, non-actionable. Example: Praise
    • --> no prefix is considered a question

@helderjs helderjs requested a review from a team as a code owner October 21, 2025 09:10
josvazg
josvazg requested changes Oct 21, 2025
View reviewed changes
Makefile
Comment on lines -602 to -615
.PHONY: upload-sbom-to-kondukto
upload-sbom-to-kondukto: ## Upload a given SBOM (lite) file to Kondukto
@KONDUKTO_REPO=$(KONDUKTO_REPO) KONDUKTO_BRANCH_PREFIX=$(KONDUKTO_BRANCH_PREFIX) \
./scripts/upload-to-kondukto.sh $(SBOM_JSON_FILE)

.PHONY: augment-sbom
augment-sbom: ## augment the latest SBOM for a given architecture on a given directory
@KONDUKTO_REPO=$(KONDUKTO_REPO) KONDUKTO_BRANCH_PREFIX=$(KONDUKTO_BRANCH_PREFIX) \
./scripts/augment-sbom.sh $(SBOM_JSON_FILE) tmp

.PHONY: store-augmented-sboms
store-augmented-sboms: ## Augment & Store the latest SBOM for a given version & architecture
KONDUKTO_BRANCH_PREFIX=$(KONDUKTO_BRANCH_PREFIX) ./scripts/store-sbom-in-s3.sh $(VERSION) $(TARGET_ARCH) $(SBOMS_DIR)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately it is not that easy. We can remove the storage to S3, but not uploading to Kondukto, taht still needs to happen and needs to be manual.

Basically here store-augmented-sboms can go away, but the rest need to remain. And the instructions for those need to be preserved as well.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Talked offline: if the augmentation and upload to Kondukto has been automated by the new release process elsewhere, it is fine to proceed with this removal and the manual instructions clean-up. Let's just double check that is the case first.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@josvazg josvazg josvazg requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@helderjs @josvazg