Skip to content

Commit 2d57672

Browse files
corneliusludmanncorneliusludmann
committed
[sbom+yarn] move back to yarn library
1 parent 40ff9ea commit 2d57672

1 file changed

Lines changed: 23 additions & 22 deletions

File tree

pkg/leeway/build.go

Lines changed: 23 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1127,31 +1127,32 @@ func (p *Package) buildYarn(buildctx *buildContext, wd, result string) (bld *pac
11271127
}
11281128
var modifiedPackageJSON bool
11291129

1130-
var packageJSONFiles []interface{}
1131-
if rfs, ok := packageJSON["files"]; ok {
1132-
fs, ok := rfs.([]interface{})
1133-
if !ok {
1134-
return nil, xerrors.Errorf("invalid package.json: files section is not a list of strings")
1135-
}
1136-
packageJSONFiles = fs
1137-
}
1138-
1139-
if p.C.W.Provenance.Enabled {
1140-
packageJSONFiles = append(packageJSONFiles, provenanceBundleFilename)
1141-
packageJSON["files"] = packageJSONFiles
1142-
modifiedPackageJSON = true
1143-
}
1144-
if p.C.W.SBOM.Enabled {
1145-
packageJSONFiles = append(packageJSONFiles, sbomCycloneDXFilename)
1146-
packageJSONFiles = append(packageJSONFiles, sbomSPDXFilename)
1147-
packageJSONFiles = append(packageJSONFiles, sbomSyftFilename)
1148-
packageJSON["files"] = packageJSONFiles
1149-
modifiedPackageJSON = true
1150-
}
1151-
11521130
if cfg.Packaging == YarnLibrary {
11531131
// We can't modify the `yarn pack` generated tar file without runnign the risk of yarn blocking when attempting to unpack it again. Thus, we must include the pkgYarnLock in the npm
11541132
// package we're building. To this end, we modify the package.json of the source package.
1133+
var packageJSONFiles []interface{}
1134+
1135+
if rfs, ok := packageJSON["files"]; ok {
1136+
fs, ok := rfs.([]interface{})
1137+
if !ok {
1138+
return nil, xerrors.Errorf("invalid package.json: files section is not a list of strings")
1139+
}
1140+
packageJSONFiles = fs
1141+
}
1142+
1143+
if p.C.W.Provenance.Enabled {
1144+
packageJSONFiles = append(packageJSONFiles, provenanceBundleFilename)
1145+
packageJSON["files"] = packageJSONFiles
1146+
modifiedPackageJSON = true
1147+
}
1148+
if p.C.W.SBOM.Enabled {
1149+
packageJSONFiles = append(packageJSONFiles, sbomCycloneDXFilename)
1150+
packageJSONFiles = append(packageJSONFiles, sbomSPDXFilename)
1151+
packageJSONFiles = append(packageJSONFiles, sbomSyftFilename)
1152+
packageJSON["files"] = packageJSONFiles
1153+
modifiedPackageJSON = true
1154+
}
1155+
11551156
packageJSONFiles = append(packageJSONFiles, pkgYarnLock)
11561157
packageJSON["files"] = packageJSONFiles
11571158
modifiedPackageJSON = true

0 commit comments

Comments
 (0)