
addaleax
Collaborator

This was previously missed before closing the ticket. Without this, dependencies that end up being bundled in node-runtime-worker-thread are not properly listed in the Compass SBOM.

Description

Checklist

  • New tests and/or benchmarks are included
  • Documentation is changed or added
  • If this change updates the UI, screenshots/videos are added and a design review is requested
  • I have signed the MongoDB Contributor License Agreement (https://www.mongodb.com/legal/contributor-agreement)

Motivation and Context

  • Bugfix
  • New feature
  • Dependency update
  • Misc

Open Questions

Dependents

Types of changes

  • Backport Needed
  • Patch (non-breaking change which fixes an issue)
  • Minor (non-breaking change which adds functionality)
  • Major (fix or feature that would cause existing functionality to change)

…OSH-1856

This was previously missed before closing the ticket. Without this, dependencies
that end up being bundled in node-runtime-worker-thread are not properly
listed in the Compass SBOM.
@addaleax addaleax requested a review from a team as a code owner October 15, 2025 13:46
@addaleax addaleax requested review from Copilot and ivandevp October 15, 2025 13:46
@github-actions github-actions bot added the fix label Oct 15, 2025
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR fixes the SBOM (Software Bill of Materials) generation for Compass by including dependencies from the node-runtime-worker-thread package that were previously missing. The change ensures that bundled dependencies in this worker thread package are properly listed in the Compass SBOM.

Key Changes:

  • Added logic to copy and merge the node-runtime-worker-thread SBOM data into the main SBOM
  • Updated the SBOM generation pipeline to deduplicate entries after merging
  • Modified shell script quoting for better compatibility

@addaleax addaleax added the no release notes Fix or feature not for release notes label Oct 15, 2025
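
The merge-then-deduplicate step described in the review overview, together with a check for the gap the PR description names (bundled dependencies missing from the SBOM), as an added example that is not code from this PR or from the Compass repository. It assumes CycloneDX-style JSON with a `components` array and npm package URLs; the function names and all sample data are constructed.

```javascript
// Constructed sample data (not real Compass dependencies or versions).
const MAIN = { name: 'compass', components: [
  { name: 'example-bson', version: '1.0.0', purl: 'pkg:npm/example-bson@1.0.0' },
  { name: 'example-ui', version: '3.0.0', purl: 'pkg:npm/example-ui@3.0.0' },
] };
const WORKER = { name: 'node-runtime-worker-thread', components: [
  { name: 'example-bson', version: '1.0.0', purl: 'pkg:npm/example-bson@1.0.0' },
  { name: 'example-worker-dep', version: '2.1.0', purl: 'pkg:npm/example-worker-dep@2.1.0' },
] };
// What a bundler reports as inlined into the worker bundle (constructed).
const BUNDLED = [
  { name: 'example-bson', version: '1.0.0' },
  { name: 'example-worker-dep', version: '2.1.0' },
];

// Identity of a component: its package URL, or one derived from name@version.
function componentKey(c) {
  return c.purl ?? `pkg:npm/${c.name.replace(/^@/, '%40')}@${c.version}`;
}

// Merge component lists from several SBOM documents, keeping one entry per
// identity and recording which documents contributed it.
function mergeSboms(...docs) {
  const byKey = new Map();
  for (const doc of docs) {
    for (const c of doc.components ?? []) {
      const key = componentKey(c);
      const seen = byKey.get(key);
      if (seen) seen.sources.add(doc.name);
      else byKey.set(key, { ...c, sources: new Set([doc.name]) });
    }
  }
  // Keys are unique, so a two-way comparison gives a stable, sorted output.
  return [...byKey.values()].sort((a, b) => (componentKey(a) < componentKey(b) ? -1 : 1));
}

// Packages that ended up in a bundle but have no entry in the SBOM.
function missingFromSbom(bundled, merged) {
  const listed = new Set(merged.map(componentKey));
  return bundled.filter((c) => !listed.has(componentKey(c)));
}

// The main SBOM alone misses the worker-only dependency; the merged one does not.
console.log(missingFromSbom(BUNDLED, mergeSboms(MAIN)).map(componentKey));
console.log(missingFromSbom(BUNDLED, mergeSboms(MAIN, WORKER)).map(componentKey));
```

Running `missingFromSbom` in CI against the bundler's module list turns a silently incomplete SBOM into a failing build.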