Build a component no wrap

Updated:2023-07-03

This is an example where MAIA commands are run after your build commands to create traceability in MAIA.

Summary

  • suitable when integrating MAIA Agent into an existing build pipeline.
  • the command must be executed from the directory of an already cloned repository.
  • execute maia git_scan prior to the maia build command, and after your own build command.
  • the build command creates an SBOM file that is transferred to the MAIA web app.
  • no build core command options should be used.
  • build Activities options may not be used.

Prepare

On a host where build is to be done:

  1. A git repository exists (cloned). The component name in MAIA is assumed to be equal to the repository name.
  2. MAIA web app can be reached via HTTP + Kafka is setup and can be reached.
  3. An API user exists in the MAIA web app, having the permissions:
    • Create artifacts
    • Create commits
    • Create/destroy environments
  4. The user has created an API token (referred to from the environment file).
  5. MAIA Agent is installed.
  6. The environment variable BUNDLE_GEMFILE points to the MAIA Agent Gemfile.
  7. The environment variable BLT_ENV points to the environment.yml file.

‚Äč The environment file must have following variables defined:

  • BUILD_ROOT
  • DELIVERABLE_ROOT
  • LOG_ROOT
  • MAIA_CORE_HOST
  • MAIA_CORE_HTTP_PORT
  • MAIA_CORE_APP_CONTEXT
  • MAIA_CORE_USE_SSL
  • MAIA_CORE_API_TOKEN_FILE
  • COMPONENT_CONF_FILE
  • COMPONENT_STATE_FILE
  • KAFKA_BROKERS
  • KAFKA_TOPIC

SRC_ROOT is not used in this case.

  1. A Component Configuration File is present.

Example 1

An example on how you can integrate MAIA Agent into a existing build pipeline where call MAIA commands after your own build sequence. No Activities can be created in MAIA web app. The build command creates an SBOM file that is transferred to the MAIA web app.

  1. You have an existing build pipeline which is cloning the repo, creating pipeline configuration files and calling build commands (make in this example).
  2. MAIA.yml is present in the build directory.
  3. Your existing build pipeline is instead calling MAIA Agent commands to scan and build (with no activities created here).
:
:
make build
bundle exec maia git_scan 
bundle exec maia build
:
:

Note that calling these commands creates two files.

  • COMPONENT_STATE_FILE, usually called '.make_state.yml'
  • GIT_SCAN_TRACKED_FILE, usually called 'tracked_commits'
  1. Your corresponding Makefile.
PRODUCT  = libxml2
VERSION  = 2.9.9
PACKAGE  = $(PRODUCT)-$(VERSION)
ARCHIVE  = $(PACKAGE).tar.gz
URL      = http://xmlsoft.org/sources/$(ARCHIVE)
CFG_ENV  =
CFG_OPTS = --without-ssl --enable-shared --enable-static=no --with-python=no --without-iconv
state.download:
    mkdir -p downloads && cd downloads && curl --fail $(URL) > $(ARCHIVE)
    touch state.download
state.unpack: state.download
    tar xvf downloads/$(ARCHIVE)
state.config: state.unpack
    cd $(PACKAGE) && $(CFG_ENV) ./configure $(CFG_OPTS)
    touch state.config
state.compile: state.config
    $(MAKE) -C $(PACKAGE) -j
    touch state.compile
build: state.compile

clean:
    rm -rf downloads $(PACKAGE) state.*
version:
    echo $(VERSION)
  1. The MAIA git_scan and build commands are then running commands as specified in the corresponding MAIA.yml creating traceability information in the MAIA web app.
---
version: '5.0'
rev: <%= `make -s version`.chomp %>

build:
 cmd:
 dependency_generator:
 - cd $(PACKAGE) && package_dependencies.rb $(PRODUCT) $(VERSION) $(URL)


Example 2

An example on how you can integrate MAIA Agent into a existing build pipeline where call MAIA commands after your own build sequence. No Activities can be created in MAIA web app. The build command creates an SBOM file that is transferred to the MAIA web app.

  1. You have an existing build pipeline.
  2. MAIA.yml is present in the build directory.
  3. Your existing build pipeline is calling MAIA Agent commands after your own build commands.
:
mvn clean install
rm -f <%= log_root %>/depend.txt
mvn dependency:list > <%= log_root %>/depend.txt
bundle exec maia git_scan
bundle exec maia build
:
:

Note that calling these commands creates two files.

  • COMPONENT_STATE_FILE, usually called '.make_state.yml'
  • GIT_SCAN_TRACKED_FILE, usually called 'tracked_commits'
  1. The MAIA git_scan and build commands are then running commands as specified in the corresponding MAIA.yml creating traceability information in the MAIA web app.
---
---
version: 5.0              # Protocol version, must be 5.0

build:
  cmd:
  dependency_generator:
  - grep-dependencies <%= log_root %>/depend.txt <%= src_root %>/pom.xml <%= src_root %>/features.xml