mck migration - sbom changes (#43)

nammn · web-flow · commit d7678614612d · 2025-04-28T09:57:01.000+02:00
# Summary This pull request updates the SBOM (Software Bill of Materials) generation script to reflect changes in product naming and repository structure. The most important changes involve renaming the product and repository references from "mongodb-enterprise" to "mongodb-kubernetes" and adjusting related logic and URLs accordingly. ### Updates to Product and Repository Naming: * Updated the product name from `mongodb-enterprise-cli` to `mongodb-kubernetes-cli` in the `generate_sbom_for_cli` function. This change ensures consistency with the new product naming convention. * Changed the repository reference from `mongodb/mongodb-enterprise-kubernetes` to `mongodb/mongodb-kubernetes` in both the `generate_sbom_for_cli` function and the `get_kondukto_sbom_data` function. This aligns with the updated repository structure. [[1]](diffhunk://#diff-f528f5c0ab79a2eab4bc1003d4d4ce8acfba708faf7ef217eb728aa78f1e6c4fL232-R242) [[2]](diffhunk://#diff-f528f5c0ab79a2eab4bc1003d4d4ce8acfba708faf7ef217eb728aa78f1e6c4fL269-L271) ### Adjustments to URLs and File Paths: * Updated the download URL for the CLI binary to reflect the new repository (`mongodb-kubernetes`) in the `generate_sbom_for_cli` function. * Removed redundant conditional logic in `get_kondukto_sbom_data`, simplifying the function by directly returning the updated repository reference. ### Documentation Update: * Updated the file description to replace "MCO and MEKO" with "MCK," reflecting the new product focus. ## Proof of Work - green ci ``` (venv) ~/projects/mongodb-kubernetes git:[sbom-changes] make sbom-tests ===================================================================================== test session starts ===================================================================================== platform darwin -- Python 3.13.1, pytest-7.4.3, pluggy-1.5.0 rootdir: /Users/nam.nguyen/projects/mongodb-kubernetes plugins: cov-6.0.0, socket-0.7.0, opentelemetry-1.1.0, asyncio-0.14.0, mock-3.14.0 collected 1 item generate_ssdlc_report_test.py . [100%] ====================================================================================== 1 passed in 5.14s ====================================================================================== ``` - [periodic](https://spruce.mongodb.com/version/680b880490ed260007a6d410/tasks?sorts=STATUS%3AASC%3BBASE_STATUS%3ADESC) must pass ## Checklist - [x] Have you linked a jira ticket and/or is the ticket in the title? - [x] Have you checked whether your jira ticket required DOCSP changes? - [x] Have you checked for release_note changes? ## Reminder (Please remove this when merging) - Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible - Our Short Guide for PRs: [Link](https://docs.google.com/document/d/1T93KUtdvONq43vfTfUt8l92uo4e4SEEvFbIEKOxGr44/edit?tab=t.0) - Remember the following Communication Standards - use comment prefixes for clarity: * **blocking**: Must be addressed before approval. * **follow-up**: Can be addressed in a later PR or ticket. * **q**: Clarifying question. * **nit**: Non-blocking suggestions. * **note**: Side-note, non-actionable. Example: Praise * --> no prefix is considered a question
diff --git a/scripts/evergreen/release/sbom.py b/scripts/evergreen/release/sbom.py
@@ -1,6 +1,6 @@
 """SBOM manipulation library
 
-This file contains all necessary functions for manipulating SBOMs for MCO and MEKO. The intention is to run
+This file contains all necessary functions for manipulating SBOMs for MCK. The intention is to run
 generate_sbom and generate_sbom_for_cli on a daily basis per each shipped image and the CLI.
 
 The SSDLC reporting doesn't strictly require to follow the daily rebuild flow. However, triggering it is part of the
@@ -229,15 +229,17 @@ def generate_sbom_for_cli(cli_version: str = "1.25.0", platform: str = "linux/am
         with tempfile.TemporaryDirectory() as directory:
             sbom_lite_file_name = f"kubectl-mongodb-{cli_version}-{platform_sanitized}.json"
             sbom_augmented_file_name = f"kubectl-mongodb-{cli_version}-{platform_sanitized}-augmented.json"
-            product_name = "mongodb-enterprise-cli"
-            kondukto_project_repo = "mongodb/mongodb-enterprise-kubernetes"
+            product_name = "mongodb-kubernetes-cli"
+            kondukto_project_repo = "mongodb/mongodb-kubernetes"
             kondukto_branch_id = f"{product_name}-release-{cli_version}-{platform_sanitized}"
             s3_release_sbom_lite_path = f"sboms/release/lite/{product_name}/{cli_version}/{platform_sanitized}"
             s3_release_sbom_augmented_path = (
                 f"sboms/release/augmented/{product_name}/{cli_version}/{platform_sanitized}"
             )
             binary_file_name = f"kubectl-mongodb_{cli_version}_{platform_sanitized_with_underscores}.tar.gz"
-            download_binary_url = f"https://github.com/mongodb/mongodb-enterprise-kubernetes/releases/download/{cli_version}/{binary_file_name}"
+            download_binary_url = (
+                f"https://github.com/mongodb/mongodb-kubernetes/releases/download/{cli_version}/{binary_file_name}"
+            )
             unpacked_binary_file_name = "kubectl-mongodb"
 
             if not s3_path_exists(s3_release_sbom_augmented_path):
@@ -266,9 +268,7 @@ def generate_sbom_for_cli(cli_version: str = "1.25.0", platform: str = "linux/am
 def get_kondukto_sbom_data(image_name: str, tag: str, platform_sanitized: str):
     daily_project_branch_id = f"{image_name}-daily-{tag}-{platform_sanitized}"
     release_project_branch_id = f"{image_name}-release-{tag}-{platform_sanitized}"
-    if image_name.startswith("mongodb-enterprise"):
-        return daily_project_branch_id, release_project_branch_id, "mongodb/mongodb-kubernetes"
-    return daily_project_branch_id, release_project_branch_id, "mongodb/mongodb-kubernetes-operator"
+    return daily_project_branch_id, release_project_branch_id, "mongodb/mongodb-kubernetes"
 
 
 def s3_path_exists(s3_path):
