Add sbom pipeline (#384)

.gitignore

@@ -25,6 +25,7 @@ lerna-debug.log*
 junit.xml
 eslint.xml
 report.xml
+bom.json
 
 test-results/
 .vscode-test/

build/sbom/Jenkinsfile

@@ -0,0 +1,37 @@
+pipeline {
+  agent any
+
+  options {
+    buildDiscarder(logRotator(numToKeepStr: '30', artifactNumToKeepStr: '20'))
+  }
+
+  triggers {
+    cron '@midnight'
+  }
+
+  stages {
+    stage('build') {
+      steps {
+        script {
+          if (isReleasingBranch()) {
+            docker.build('node', '-f build/Dockerfile .').inside {
+              withCredentials([string(credentialsId: 'dependency-track', variable: 'API_KEY')]) {
+                sh 'npm run update:axonivy:next'
+                sh 'npm install'
+                sh 'npm run sbom'
+                def version = sh (script: "node -p \"require('./extension/package.json').version\"", returnStdout: true)
+                sh 'curl -v --fail -X POST https://api.dependency-track.ivyteam.io/api/v1/bom \
+                    -H "Content-Type: multipart/form-data" \
+                    -H "X-API-Key: ' + API_KEY + '" \
+                    -F "autoCreate=true" \
+                    -F "projectName=vscode-extensions" \
+                    -F "projectVersion=' + version + '" \
+                    -F "[email protected]"'
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

package.json

@@ -21,6 +21,7 @@
     "package": "lerna run package",
     "package:with:engine": "lerna run package:with:engine",
     "publish:next": "lerna run publish:next",
+    "sbom": "npx --yes @cyclonedx/cyclonedx-npm --output-format JSON --output-file bom.json",
     "test:playwright": "npm run --workspace=@axonivy/vscode-extensions-playwright ui-tests",
     "test:playwright:stable": "RUN_STABLE_VERSION=true npm run test:playwright",
     "test:playwright:browser": "RUN_IN_BRWOSER=true npm run test:playwright",