Build a component

Updated:2023-07-03

This is an example where your build commands are wrapped into the maia build component configuration file (MAIA.yml).

Summary

  • wrapping your build commands into the MAIA.yml enables the ability to create Activities in MAIA web app.
  • suitable when integrating MAIA Agent into an existing build pipeline.
  • the command must be executed from the directory of an already cloned repository.
  • execute maia git_scan prior to the maia build command.
  • the build command creates an SBOM file that is transferred to the MAIA web app.
  • no build core command options should be used.
  • build Activities options may be used.

Prepare

On a host where build is to be done:

  1. A git repository exists (cloned). The component name in MAIA is assumed to be equal to the repository name.
  2. MAIA web app can be reached via HTTP + Kafka is setup and can be reached.
  3. An API user exists in the MAIA web app, having the permissions:
    • Create artifacts
    • Create commits
    • Create/destroy environments
  4. The user has created an API token (referred to from the environment file).
  5. MAIA Agent is installed.
  6. The environment variable BUNDLE_GEMFILE points to the MAIA Agent Gemfile.
  7. The environment variable BLT_ENV points to the environment.yml file.

​ The environment file must have following variables defined:

  • BUILD_ROOT
  • DELIVERABLE_ROOT
  • LOG_ROOT
  • MAIA_CORE_HOST
  • MAIA_CORE_HTTP_PORT
  • MAIA_CORE_APP_CONTEXT
  • MAIA_CORE_USE_SSL
  • MAIA_CORE_API_TOKEN_FILE
  • COMPONENT_CONF_FILE
  • COMPONENT_STATE_FILE
  • KAFKA_BROKERS
  • KAFKA_TOPIC

SRC_ROOT is not used in this case.

  1. A Component Configuration File (CCF) is present.

Example 1

An example on how you can integrate MAIA Agent into a existing build pipeline where you wrap your build commands into the MAIA CCF (here MAIA.yml) to send build info to and create activities in the MAIA web app. The build command creates an SBOM file that is transferred to the MAIA web app.

  1. You have an existing build pipeline which is cloning the repo, creating pipeline configuration files and calling build commands (make in this example).
  2. MAIA.yml is present in the build directory. Your make commands have been moved to this configuration file.
  3. Your existing build pipeline is instead calling MAIA Agent commands to scan and build (with no activities created here).
:
:
bundle exec maia git_scan 
bundle exec maia build
:
:

Note that calling these commands creates two files.

  • COMPONENT_STATE_FILE, usually called '.make_state.yml'
  • GIT_SCAN_TRACKED_FILE, usually called 'tracked_commits'
  1. The MAIA git_scan and build commands are then running commands as specified in the corresponding MAIA.yml.
---
version: '5.0'
rev: <%= `make -s version`.chomp %>
prepare:
 cmd: make clean
build:
 cmd: make build
 dependency_generator: make -s dependency_list
  1. Your corresponding Makefile.
PRODUCT  = libxml2
VERSION  = 2.9.9
PACKAGE  = $(PRODUCT)-$(VERSION)
ARCHIVE  = $(PACKAGE).tar.gz
URL      = http://xmlsoft.org/sources/$(ARCHIVE)
CFG_ENV  =
CFG_OPTS = --without-ssl --enable-shared --enable-static=no --with-python=no --without-iconv
state.download:
    mkdir -p downloads && cd downloads && curl --fail $(URL) > $(ARCHIVE)
    touch state.download
state.unpack: state.download
    tar xvf downloads/$(ARCHIVE)
state.config: state.unpack
    cd $(PACKAGE) && $(CFG_ENV) ./configure $(CFG_OPTS)
    touch state.config
state.compile: state.config
    $(MAKE) -C $(PACKAGE) -j
    touch state.compile
build: state.compile
dependency_list:
    cd $(PACKAGE) && package_dependencies.rb $(PRODUCT) $(VERSION) $(URL)
clean:
    rm -rf downloads $(PACKAGE) state.*
version:
    echo $(VERSION)


Example 2

An example on how you can integrate MAIA Agent into a existing build pipeline where you wrap your build commands into the MAIA CCF (here MAIA.yml) to send build info to and create activities in the MAIA web app. The build command creates an SBOM file that is transferred to the MAIA web app.

  1. You have an existing build pipeline.
  2. MAIA.yml is present in the build directory. Your build commands have been moved to this configuration file.
  3. Your existing build pipeline is instead calling MAIA Agent commands to scan and build, here creating activities in MAIA.
:
echo "Activity label: $label"
uuid=$(cat /proc/sys/kernel/random/uuid)
bundle exec maia git_scan --activity-uuid $uuid $label
parent_uuid=$uuid; uuid=$(cat /proc/sys/kernel/random/uuid)
bundle exec maia build --activity-uuid $uuid --parent-activity-uuid $parent_uuid $label
:
:

Note that calling these commands creates two files.

  • COMPONENT_STATE_FILE, usually called '.make_state.yml'
  • GIT_SCAN_TRACKED_FILE, usually called 'tracked_commits'
  1. The MAIA git_scan and build commands are then running commands as specified in the corresponding MAIA.yml.
---
---
version: 5.0              # Protocol version, must be 5.0
component_name: template  # Optional. If defined it must be the same as the name of the component.
rev: 1.0.2                # User-specified revision
clean:
  cmd: rm -rf <%= build_root %>
prepare:
  cmd: make clean
build:
  cmd:
  - mvn clean install
  - rm -f <%= log_root %>/depend.txt
  - mvn dependency:list > <%= log_root %>/depend.txt
  dependency_generator:
  - grep-dependencies <%= log_root %>/depend.txt <%= src_root %>/pom.xml <%= src_root %>/features.xml

Results