From 1c7462b275b84985cd38f525115c2afbda73746f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Tue, 10 Sep 2024 17:22:30 +0200
Subject: [PATCH] Worker/koji-finalize: import uploaded SBOM documents
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the Koji target result contains information about any uploaded SBOM
documents, import them to Koji as part of the finalize task.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 cmd/osbuild-worker/jobimpl-koji-finalize.go | 22 +++++++++++++++++++++
 internal/upload/koji/koji.go                |  7 +++++++
 2 files changed, 29 insertions(+)

diff --git a/cmd/osbuild-worker/jobimpl-koji-finalize.go b/cmd/osbuild-worker/jobimpl-koji-finalize.go
index 1de4f31dc..bdec7107e 100644
--- a/cmd/osbuild-worker/jobimpl-koji-finalize.go
+++ b/cmd/osbuild-worker/jobimpl-koji-finalize.go
@@ -281,6 +281,28 @@ func (impl *KojiFinalizeJobImpl) Run(job worker.Job) error {
 				Type:         koji.BuildOutputTypeLog,
 			})
 		}
+
+		// SBOM documents output
+		if len(kojiTargetOptions.SbomDocs) > 0 {
+			for _, sbomDoc := range kojiTargetOptions.SbomDocs {
+				outputs = append(outputs, koji.BuildOutput{
+					BuildRootID:  uint64(i),
+					Filename:     sbomDoc.Filename,
+					FileSize:     sbomDoc.Size,
+					Arch:         buildResult.Arch,
+					ChecksumType: koji.ChecksumType(sbomDoc.ChecksumType),
+					Checksum:     sbomDoc.Checksum,
+					Type:         koji.BuildOutputTypeSbomDoc,
+					// NB: The extra metadata are not added to the build extra metadata
+					// because it does not contain any useful information for SBOM documents.
+					Extra: &koji.BuildOutputExtra{
+						ImageOutput: koji.SbomDocExtraInfo{
+							Arch: buildResult.Arch,
+						},
+					},
+				})
+			}
+		}
 	}
 
 	build := koji.Build{
diff --git a/internal/upload/koji/koji.go b/internal/upload/koji/koji.go
index bd9a7b00e..0ced02d32 100644
--- a/internal/upload/koji/koji.go
+++ b/internal/upload/koji/koji.go
@@ -159,6 +159,12 @@ type ManifestExtraInfo struct {
 
 func (ManifestExtraInfo) isImageOutputTypeMD() {}
 
+type SbomDocExtraInfo struct {
+	Arch string `json:"arch"`
+}
+
+func (SbomDocExtraInfo) isImageOutputTypeMD() {}
+
 // BuildOutputExtra holds extra metadata associated with the build output.
 type BuildOutputExtra struct {
 	// ImageOutput holds extra metadata about a single "image" output.
@@ -176,6 +182,7 @@ const (
 	BuildOutputTypeImage    BuildOutputType = "image"
 	BuildOutputTypeLog      BuildOutputType = "log"
 	BuildOutputTypeManifest BuildOutputType = "osbuild-manifest"
+	BuildOutputTypeSbomDoc  BuildOutputType = "sbom-doc"
 )
 
 // ChecksumType represents the type of a checksum used for a BuildOutput.