project-ncl · vibe13 · Jan 21, 2025 · Jan 22, 2025
diff --git a/core/src/main/java/org/jboss/sbomer/core/features/sbom/utils/SbomUtils.java b/core/src/main/java/org/jboss/sbomer/core/features/sbom/utils/SbomUtils.java
@@ -82,7 +82,6 @@
 import org.jboss.pnc.dto.Artifact;
 import org.jboss.pnc.dto.Build;
 import org.jboss.pnc.dto.DeliverableAnalyzerOperation;
-import org.jboss.pnc.enums.BuildType;
 import org.jboss.pnc.restclient.util.ArtifactUtil;
 import org.jboss.sbomer.core.features.sbom.Constants;
 import org.jboss.sbomer.core.features.sbom.config.Config;
@@ -175,7 +174,9 @@ private static void setCoordinates(Component component, Artifact artifact) {
                 } else if (scopeName.length == 1) {
                     component.setName(scopeName[0]);
                 } else {
-                    log.warn("Unexpected number of slashes in NPM artifact name {}, using it fully", coordinates.getName());
+                    log.warn(
+                            "Unexpected number of slashes in NPM artifact name {}, using it fully",
+                            coordinates.getName());
                     component.setName(coordinates.getName());
                 }
                 component.setVersion(coordinates.getVersionString());
@@ -1066,4 +1067,50 @@ private static String rebuildPurl(Component component) {
             return null;
         }
     }
+
+    /**
+     * Creates a new purl with the same name, namespace, subpath, type, version and qualifiers and add the specified
+     * qualifier. If "redHatComponentsOnly" is true, add the qualifiers only if the component has a Red Hat version.
+     * Finally rebuilds the purl to make sure it is valid and qualifiers are properly sorted.
+     *
+     * @param component the input component which has the purl to modify
+     * @param qualifiers the Map with the qualifiers key-value
+     * @param redHatComponentsOnly boolean, true if the qualifiers should be added only to components with Red Hat
+     *        version
+     * @return The new validated purl as string.
+     */
+    public static String addQualifiersToPurlOfComponent(
+            Component component,
+            Map<String, String> qualifiers,
+            boolean redHatComponentsOnly) {
+
+        // In case this is not a RH artifact, do not update the purl
+        if (redHatComponentsOnly && !RhVersionPattern.isRhVersion(component.getVersion())
+                && !RhVersionPattern.isRhPurl(component.getPurl())) {
+            return component.getPurl();
+        }
+
+        try {
+            PackageURL purl = new PackageURL(component.getPurl());
+            PackageURLBuilder builder = PackageURLBuilder.aPackageURL()
+                    .withName(purl.getName())
+                    .withNamespace(purl.getNamespace())
+                    .withSubpath(purl.getSubpath())
+                    .withType(purl.getType())
+                    .withVersion(purl.getVersion());
+
+            if (purl.getQualifiers() != null) {
+                // Copy all the original qualifiers
+                purl.getQualifiers().forEach((k, v) -> builder.withQualifier(k, v));
+            }
+
+            // Add the qualifiers
+            qualifiers.forEach((k, v) -> builder.withQualifier(k, v));
+
+            return builder.build().toString();
+        } catch (MalformedPackageURLException | IllegalArgumentException e) {
+            log.warn("Error while adding new qualifiers to component with purl {}", component.getPurl(), e);
+            return component.getPurl();
+        }
+    }
 }
diff --git a/.../java/org/jboss/sbomer/service/feature/sbom/errata/event/EventNotificationFiringUtil.java b/.../java/org/jboss/sbomer/service/feature/sbom/errata/event/EventNotificationFiringUtil.java
@@ -18,7 +18,8 @@
 package org.jboss.sbomer.service.feature.sbom.errata.event;
 
 import org.jboss.sbomer.service.feature.sbom.errata.event.comment.RequestEventStatusUpdateEvent;
-import org.jboss.sbomer.service.feature.sbom.errata.event.release.AdvisoryReleaseEvent;
+import org.jboss.sbomer.service.feature.sbom.errata.event.release.StandardAdvisoryReleaseEvent;
+import org.jboss.sbomer.service.feature.sbom.errata.event.release.TextOnlyAdvisoryReleaseEvent;
 
 import io.quarkus.arc.Arc;
 import jakarta.enterprise.event.Event;
@@ -42,16 +43,23 @@ public static void notifyRequestEventStatusUpdate(Object requestEventNotificatio
     }
 
     public static void notifyAdvisoryRelease(Object advisoryReleaseNotification) {
-        AdvisoryReleaseEvent releaseEvent = (AdvisoryReleaseEvent) advisoryReleaseNotification;
-        log.info(
-                "Firing async event for advisory release update upon event with id: {}",
-                releaseEvent.getRequestEventId());
+        if (advisoryReleaseNotification instanceof StandardAdvisoryReleaseEvent) {
+            StandardAdvisoryReleaseEvent releaseEvent = (StandardAdvisoryReleaseEvent) advisoryReleaseNotification;
+            log.info(
+                    "Firing async event for standard advisory release update upon event with id: {}",
+                    releaseEvent.getRequestEventId());
+        } else {
+            TextOnlyAdvisoryReleaseEvent releaseEvent = (TextOnlyAdvisoryReleaseEvent) advisoryReleaseNotification;
+            log.info(
+                    "Firing async event for text-only advisory release update upon event with id: {}",
+                    releaseEvent.getRequestEventId());
+        }
+
         Event<Object> event = Arc.container().beanManager().getEvent();
         event.fireAsync(advisoryReleaseNotification).whenComplete((result, throwable) -> {
             if (throwable != null) {
                 log.error("Error occurred while processing the async event.", throwable);
             }
         });
     }
-
 }
diff --git a/...jboss/sbomer/service/feature/sbom/errata/event/release/ReleaseAdvisoryEventsListener.java b/...jboss/sbomer/service/feature/sbom/errata/event/release/ReleaseAdvisoryEventsListener.java
@@ -116,8 +116,8 @@ public class ReleaseAdvisoryEventsListener {
 
     private static final String NVR_STANDARD_SEPARATOR = "-";
 
-    public void onReleaseAdvisoryEvent(@ObservesAsync AdvisoryReleaseEvent event) {
-        log.debug("Event received for advisory release ...");
+    public void onReleaseAdvisoryEvent(@ObservesAsync StandardAdvisoryReleaseEvent event) {
+        log.debug("Event received for standard advisory release ...");
 
         RequestEvent requestEvent = requestEventRepository.findById(event.getRequestEventId());
         try {
@@ -206,7 +206,7 @@ protected void releaseManifestsForRPMBuilds(
             Errata erratum,
             Map<ProductVersionEntry, List<BuildItem>> advisoryBuildDetails,
             V1Beta1RequestRecord advisoryManifestsRecord,
-            Map<ProductVersionEntry, SbomGenerationRequest> releaseGenerations,
+            Map<String, SbomGenerationRequest> releaseGenerations,
             String toolVersion,
             Component.Type productType,
             Map<ProductVersionEntry, Set<String>> productVersionToCPEs,
@@ -240,7 +240,7 @@ protected void releaseManifestsForRPMBuilds(
 
             SbomUtils.addMissingSerialNumber(productVersionBom);
 
-            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion);
+            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion.getName());
             Sbom sbom = saveReleaseManifestForRPMGeneration(
                     requestEvent,
                     erratum,
@@ -276,7 +276,7 @@ protected void releaseManifestsForDockerBuilds(
             Errata erratum,
             Map<ProductVersionEntry, List<BuildItem>> advisoryBuildDetails,
             V1Beta1RequestRecord advisoryManifestsRecord,
-            Map<ProductVersionEntry, SbomGenerationRequest> releaseGenerations,
+            Map<String, SbomGenerationRequest> releaseGenerations,
             String toolVersion,
             Component.Type productType,
             Map<ProductVersionEntry, Set<String>> productVersionToCPEs,
@@ -309,7 +309,7 @@ protected void releaseManifestsForDockerBuilds(
 
             SbomUtils.addMissingSerialNumber(productVersionBom);
 
-            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion);
+            SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion.getName());
             Sbom sbom = saveReleaseManifestForDockerGeneration(
                     requestEvent,
                     erratum,