8000 [SPARK-53669] Publish SBOM artifacts by dongjoon-hyun · Pull Request #332 · apache/spark-kubernetes-operator · GitHub
[go: up one dir, main page]
Skip to content

[SPARK-53669] Publish SBOM artifacts #332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[SPARK-53669] Publish SBOM artifacts #332

wants to merge 1 commit into from

Conversation

dongjoon-hyun
Copy link
Member
@dongjoon-hyun dongjoon-hyun commented Sep 22, 2025
edited
Loading

What changes were proposed in this pull request?

Since Apache Spark 3.4.0, Apache Spark main repository has been providing SBOM artifact. Like the main repository, this PR aims to publish SBOM artifacts of Apache Spark K8s Operator artifacts.

Why are the changes needed?

Here is an article to give some context.

Software Bill of Materials (SBOM) are additional artifacts containing the aggregate of all direct and transitive dependencies of a project. The US Government (based on NIST recommendations) currently accepts only the three most popular SBOM standards as valid, namely: CycloneDX, Software Identification (SWID) tag, Software Package Data Exchange® (SPDX).

Does this PR introduce any user-facing change?

No behavior change.

How was this patch tested?

Manually run the following command and check the local Maven directory.

COMMAND

$ gradle publishApachePublicationToMavenLocal -Prelease

BEFORE

$ ls -al ~/.m2/repository/org/apache/spark/spark-operator-api/0.5.0-SNAPSHOT
total 976
drwxr-xr-x@ 15 dongjoon  staff     480 Sep 22 16:26 .
drwxr-xr-x@  4 dongjoon  staff     128 Sep 22 16:26 ..
-rw-r--r--@  1 dongjoon  staff    2632 Sep 22 16:26 maven-metadata-local.xml
-rw-r--r--@  1 dongjoon  staff  233151 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT-javadoc.jar
-rw-r--r--@  1 dongjoon  staff     833 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT-javadoc.jar.asc
-rw-r--r--@  1 dongjoon  staff   52522 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT-sources.jar
-rw-r--r--@  1 dongjoon  staff     833 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT-sources.jar.asc
-rw-r--r--@  1 dongjoon  staff   17387 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT-tests.jar
-rw-r--r--@
8000
  1 dongjoon  staff     833 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT-tests.jar.asc
-rw-r--r--@  1 dongjoon  staff  154249 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT.jar
-rw-r--r--@  1 dongjoon  staff     833 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT.jar.asc
-rw-r--r--@  1 dongjoon  staff    2683 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT.module
-rw-r--r--@  1 dongjoon  staff     833 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT.module.asc
-rw-r--r--@  1 dongjoon  staff    2289 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT.pom
-rw-r--r--@  1 dongjoon  staff     833 Sep 22 16:26 spark-operator-api-0.5.0-SNAPSHOT.pom.asc

AFTER

$ ls -al ~/.m2/repository/org/apache/spark/spark-operator-api/0.5.0-SNAPSHOT
total 5880
drwxr-xr-x@ 17 dongjoon  staff      544 Sep 22 16:27 .
drwxr-xr-x@  4 dongjoon  staff      128 Sep 22 16:27 ..
-rw-r--r--@  1 dongjoon  staff     3050 Sep 22 16:27 maven-metadata-local.xml
-rw-r--r--@  1 dongjoon  staff  2505028 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-cyclonedx.xml
-rw-r--r--@  1 dongjoon  staff      833 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-cyclonedx.xml.asc
-rw-r--r--@  1 dongjoon  staff   233151 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-javadoc.jar
-rw-r--r--@  1 dongjoon  staff      833 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-javadoc.jar.asc
-rw-r--r--@  1 dongjoon  staff    52522 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-sources.jar
-rw-r--r--@  1 dongjoon  staff      833 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-sources.jar.asc
-rw-r--r--@  1 dongjoon  staff    17387 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-tests.jar
-rw-r--r--@  1 dongjoon  staff      833 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT-tests.jar.asc
-rw-r--r--@  1 dongjoon  staff   154249 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT.jar
-rw-r--r--@  1 dongjoon  staff      833 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT.jar.asc
-rw-r--r--@  1 dongjoon  staff     2683 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT.module
-rw-r--r--@  1 dongjoon  staff      833 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT.module.asc
-rw-r--r--@  1 dongjoon  staff     2289 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT.pom
-rw-r--r--@  1 dongjoon  staff      833 Sep 22 16:27 spark-operator-api-0.5.0-SNAPSHOT.pom.asc

Was this patch authored or co-authored using generative AI tooling?

No.

@github-actions github-actions bot added the BUILD label Sep 22, 2025
@dongjoon-hyun
Copy link
Member Author

cc @viirya , @peter-toth , @jiangzho

@dongjoon-hyun
Copy link
Member Author

Thank you, @viirya . Merged to main.

@dongjoon-hyun dongjoon-hyun deleted the SPARK-53669 branch September 23, 2025 02:49
@dongjoon-hyun dongjoon-hyun mentioned this pull request Sep 25, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@viirya viirya viirya approved these changes

Assignees

No one assigned

Labels

BUILD

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dongjoon-hyun @viirya
0