feat(SBOMER-287): Generate release manifests for Text-Only advisories

core/src/main/java/org/jboss/sbomer/core/features/sbom/utils/SbomUtils.java

@@ -99,6 +99,8 @@
 import com.github.packageurl.PackageURL;
 import com.github.packageurl.PackageURLBuilder;
 
+import org.jboss.sbomer.core.features.sbom.utils.RhVersionPattern;
+
 public class SbomUtils {
 
     private SbomUtils() {
@@ -175,7 +177,9 @@ private static void setCoordinates(Component component, Artifact artifact) {
                 } else if (scopeName.length == 1) {
                     component.setName(scopeName[0]);
                 } else {
-                    log.warn("Unexpected number of slashes in NPM artifact name {}, using it fully", coordinates.getName());
+                    log.warn(
+                            "Unexpected number of slashes in NPM artifact name {}, using it fully",
+                            coordinates.getName());
                     component.setName(coordinates.getName());
                 }
                 component.setVersion(coordinates.getVersionString());
@@ -1066,4 +1070,50 @@ private static String rebuildPurl(Component component) {
             return null;
         }
     }
+
+    /**
+     * Creates a new purl with the same name, namespace, subpath, type, version and qualifiers and add the specified
+     * qualifier. If "redHatComponentsOnly" is true, add the qualifiers only if the component has a Red Hat version.
+     * Finally rebuilds the purl to make sure it is valid and qualifiers are properly sorted.
+     *
+     * @param component the input component which has the purl to modify
+     * @param qualifiers the Map with the qualifiers key-value
+     * @param redHatComponentsOnly boolean, true if the qualifiers should be added only to components with Red Hat
+     *        version
+     * @return The new validated purl as string.
+     */
+    public static String addQualifiersToPurlOfComponent(
+            Component component,
+            Map<String, String> qualifiers,
+            boolean redHatComponentsOnly) {
+
+        // In case this is not a RH artifact, do not update the purl
+        if (redHatComponentsOnly && !RhVersionPattern.isRhVersion(component.getVersion())
+                && !RhVersionPattern.isRhPurl(component.getPurl())) {
+            return component.getPurl();
+        }
+
+        try {
+            PackageURL purl = new PackageURL(component.getPurl());
+            PackageURLBuilder builder = PackageURLBuilder.aPackageURL()
+                    .withName(purl.getName())
+                    .withNamespace(purl.getNamespace())
+                    .withSubpath(purl.getSubpath())
+                    .withType(purl.getType())
+                    .withVersion(purl.getVersion());
+
+            if (purl.getQualifiers() != null) {
+                // Copy all the original qualifiers
+                purl.getQualifiers().forEach((k, v) -> builder.withQualifier(k, v));
+            }
+
+            // Add the qualifiers
+            qualifiers.forEach((k, v) -> builder.withQualifier(k, v));
+
+            return builder.build().toString();
+        } catch (MalformedPackageURLException | IllegalArgumentException e) {
+            log.warn("Error while adding new qualifiers to component with purl {}", component.getPurl(), e);
+            return component.getPurl();
+        }
+    }
 }

service/src/main/java/org/jboss/sbomer/service/feature/sbom/errata/event/EventNotificationFiringUtil.java

@@ -18,7 +18,8 @@
 package org.jboss.sbomer.service.feature.sbom.errata.event;
 
 import org.jboss.sbomer.service.feature.sbom.errata.event.comment.RequestEventStatusUpdateEvent;
-import org.jboss.sbomer.service.feature.sbom.errata.event.release.AdvisoryReleaseEvent;
+import org.jboss.sbomer.service.feature.sbom.errata.event.release.StandardAdvisoryReleaseEvent;
+import org.jboss.sbomer.service.feature.sbom.errata.event.release.TextOnlyAdvisoryReleaseEvent;
 
 import io.quarkus.arc.Arc;
 import jakarta.enterprise.event.Event;
@@ -42,16 +43,23 @@ public static void notifyRequestEventStatusUpdate(Object requestEventNotificatio
     }
 
     public static void notifyAdvisoryRelease(Object advisoryReleaseNotification) {
-        AdvisoryReleaseEvent releaseEvent = (AdvisoryReleaseEvent) advisoryReleaseNotification;
-        log.info(
-                "Firing async event for advisory release update upon event with id: {}",
-                releaseEvent.getRequestEventId());
+        if (advisoryReleaseNotification instanceof StandardAdvisoryReleaseEvent) {
+            StandardAdvisoryReleaseEvent releaseEvent = (StandardAdvisoryReleaseEvent) advisoryReleaseNotification;
+            log.info(
+                    "Firing async event for standard advisory release update upon event with id: {}",
+                    releaseEvent.getRequestEventId());
+        } else {
+            TextOnlyAdvisoryReleaseEvent releaseEvent = (TextOnlyAdvisoryReleaseEvent) advisoryReleaseNotification;
+            log.info(
+                    "Firing async event for text-only advisory release update upon event with id: {}",
+                    releaseEvent.getRequestEventId());
+        }
+
         Event<Object> event = Arc.container().beanManager().getEvent();
         event.fireAsync(advisoryReleaseNotification).whenComplete((result, throwable) -> {
             if (throwable != null) {
                 log.error("Error occurred while processing the async event.", throwable);
             }
         });
     }
-
 }

service/src/main/java/org/jboss/sbomer/service/feature/sbom/errata/event/release/ReleaseAdvisoryEventsListener.java

@@ -116,8 +116,8 @@ public class ReleaseAdvisoryEventsListener {
 
     private static final String NVR_STANDARD_SEPARATOR = "-";
 
-    public void onReleaseAdvisoryEvent(@ObservesAsync AdvisoryReleaseEvent event) {
-        log.debug("Event received for advisory release ...");
+    public void onReleaseAdvisoryEvent(@ObservesAsync StandardAdvisoryReleaseEvent event) {
+        log.debug("Event received for standard advisory release ...");
 
         RequestEvent requestEvent = requestEventRepository.findById(event.getRequestEventId());
         try {
@@ -206,7 +206,7 @@ protected void releaseManifestsForRPMBuilds(
             Errata erratum,
             Map<ProductVersionEntry, List<BuildItem>> advisoryBuildDetails,
             V1Beta1RequestRecord advisoryManifestsRecord,
-            Map<ProductVersionEntry, SbomGenerationRequest> releaseGenerations,
+            Map<String, SbomGenerationRequest> releaseGenerations,
             String toolVersion,
             Component.Type productType,
             Map<ProductVersionEntry, Set<String>> productVersionToCPEs,
@@ -240,7 +240,7 @@ protected void releaseManifestsForRPMBuilds(
 
             SbomUtils.addMissingSerialNumber(productVersionBom);
 
-            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion);
+            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion.getName());
             Sbom sbom = saveReleaseManifestForRPMGeneration(
                     requestEvent,
                     erratum,
@@ -276,7 +276,7 @@ protected void releaseManifestsForDockerBuilds(
             Errata erratum,
             Map<ProductVersionEntry, List<BuildItem>> advisoryBuildDetails,
             V1Beta1RequestRecord advisoryManifestsRecord,
-            Map<ProductVersionEntry, SbomGenerationRequest> releaseGenerations,
+            Map<String, SbomGenerationRequest> releaseGenerations,
             String toolVersion,
             Component.Type productType,
             Map<ProductVersionEntry, Set<String>> productVersionToCPEs,
@@ -309,7 +309,7 @@ protected void releaseManifestsForDockerBuilds(
 
             SbomUtils.addMissingSerialNumber(productVersionBom);
 
-            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion);
+            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion.getName());
             Sbom sbom = saveReleaseManifestForDockerGeneration(
                     requestEvent,
                     erratum,

service/src/main/java/org/jboss/sbomer/service/feature/sbom/errata/event/release/AdvisoryReleaseEvent.java → service/src/main/java/org/jboss/sbomer/service/feature/sbom/errata/event/release/StandardAdvisoryReleaseEvent.java

@@ -19,17 +19,16 @@
 
 import java.util.Map;
 
-import org.jboss.sbomer.service.feature.sbom.errata.dto.ErrataBuildList.ProductVersionEntry;
 import org.jboss.sbomer.service.feature.sbom.model.SbomGenerationRequest;
 
 import lombok.Builder;
 import lombok.Data;
 
 @Data
 @Builder(setterPrefix = "with")
-public class AdvisoryReleaseEvent {
+public class StandardAdvisoryReleaseEvent {
 
     final String requestEventId;
-    final Map<ProductVersionEntry, SbomGenerationRequest> releaseGenerations;
+    final Map<String, SbomGenerationRequest> releaseGenerations;
 
 }

service/src/main/java/org/jboss/sbomer/service/feature/sbom/errata/event/release/TextOnlyAdvisoryReleaseEvent.java

@@ -0,0 +1,34 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2023 Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.sbomer.service.feature.sbom.errata.event.release;
+
+import java.util.Map;
+
+import org.jboss.sbomer.service.feature.sbom.model.SbomGenerationRequest;
+
+import lombok.Builder;
+import lombok.Data;
+
+@Data
+@Builder(setterPrefix = "with")
+public class TextOnlyAdvisoryReleaseEvent {
+
+    final String requestEventId;
+    final Map<String, SbomGenerationRequest> releaseGenerations;
+
+}