
Commit b39ed73

alexclaude
andauthored
Include OpenSSL SBOMs in built wheels (#14327)
Pass --sbom-include to maturin via build-args config setting to include the OpenSSL CycloneDX SBOM (generated by pyca/infra) in the wheel's .dist-info/sboms directory for all platforms (Linux, macOS, Windows). Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1 parent bf47cd5 commit b39ed73


1 file changed

+3
-3
lines changed


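--- a/.github/workflows/wheel-builder.yml
+++ b/.github/workflows/wheel-builder.yml
@@ -149,7 +149,7 @@ jobs:
 # docker running on an arm64 CPU
 OPENSSL_DIR="/opt/pyca/cryptography/openssl" \
 OPENSSL_STATIC=1 \
-manylinux-entrypoint uv build --python=/opt/python/${{ matrix.PYTHON.VERSION }}/bin/python --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH $PY_LIMITED_API cryptography*.tar.gz -o tmpwheelhouse/
+manylinux-entrypoint uv build --python=/opt/python/${{ matrix.PYTHON.VERSION }}/bin/python --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH $PY_LIMITED_API --config-settings=build-args=--sbom-include=/opt/pyca/cryptography/openssl/sbom.json cryptography*.tar.gz -o tmpwheelhouse/
 env:
 RUSTUP_HOME: /root/.rustup
 - run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptography*.whl -w wheelhouse/
@@ -288,7 +288,7 @@ jobs:
 
 OPENSSL_DIR="$(readlink -f ../openssl-macos-universal2/)" \
 OPENSSL_STATIC=1 \
-uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH $PY_LIMITED_API cryptography*.tar.gz -o wheelhouse/
+uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH $PY_LIMITED_API --config-settings=build-args=--sbom-include="$(readlink -f ../openssl-macos-universal2/sbom.json)" cryptography*.tar.gz -o wheelhouse/
 env:
 MACOSX_DEPLOYMENT_TARGET: ${{ matrix.PYTHON.DEPLOYMENT_TARGET }}
 ARCHFLAGS: ${{ matrix.PYTHON.ARCHFLAGS }}
@@ -376,7 +376,7 @@ jobs:
 PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }}"
 fi
 
-uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH cryptography*.tar.gz $PY_LIMITED_API -o wheelhouse/
+uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH cryptography*.tar.gz $PY_LIMITED_API --config-settings=build-args=--sbom-include=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}/sbom.json -o wheelhouse/
 shell: bash
 
 - name: Smoketest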
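Review bot: None of the three changed `uv build` lines (new lines 152, 291, 379) is followed by a check that the OpenSSL SBOM actually landed in the wheel, so a wheel without it could be published unnoticed. When `$PY_LIMITED_API` is set (its definition is visible at line 376) each command now passes `--config-settings=build-args=` twice, which relies on uv and maturin accumulating repeated keys rather than keeping only the last one; that is presumably the case but is not shown here, and if it were not, either the abi3 feature or the SBOM would be dropped silently. A cheap guard is a step after each build (after `auditwheel repair` on Linux, since that rewrites the wheel) that lists the archive and fails when nothing under `.dist-info/sboms/` is present, for example `unzip -l wheelhouse/cryptography*.whl | grep -q 'dist-info/sboms/'`. The enclosing `run:` blocks start outside the hunks, so an existing check elsewhere in the job cannot be ruled out.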
