up

scripts/scanner/package-analyzer.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Package a scanner analyzer plugin with checksum and SBOM.
+# Usage: package-analyzer.sh <project-path> <name>
+
+if [[ $# -lt 2 ]]; then
+  echo "Usage: $0 <project-path> <name>" >&2
+  exit 64
+fi
+
+PROJECT=$1
+NAME=$2
+CONFIG=${CONFIG:-Release}
+RID=${RID:-linux-x64}
+OUT_ROOT="out/scanner-analyzers/${NAME}"
+PUBLISH_DIR="${OUT_ROOT}/publish"
+mkdir -p "$PUBLISH_DIR"
+
+if ! command -v dotnet >/dev/null 2>&1; then
+  echo "[analyzer] dotnet CLI not found" >&2
+  exit 69
+fi
+
+echo "[analyzer] publishing ${NAME} (${PROJECT}) for ${RID}"
+dotnet publish "$PROJECT" -c "$CONFIG" -r "$RID" --self-contained true -p:PublishSingleFile=true -p:PublishTrimmed=false -o "$PUBLISH_DIR" >/dev/null
+
+ARCHIVE="${OUT_ROOT}/${NAME}-${RID}.tar.gz"
+tar -C "$PUBLISH_DIR" -czf "$ARCHIVE" .
+sha256sum "$ARCHIVE" > "${ARCHIVE}.sha256"
+
+if command -v syft >/dev/null 2>&1; then
+  syft "dir:${PUBLISH_DIR}" -o json > "${ARCHIVE}.sbom.json"
+fi
+
+cat > "${OUT_ROOT}/manifest.json" <<EOF
+{
+  "name": "${NAME}",
+  "project": "${PROJECT}",
+  "rid": "${RID}",
+  "generated_at": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
+  "archive": "$(basename "$ARCHIVE")"
+}
+EOF
+
+echo "[analyzer] packaged ${NAME} at ${ARCHIVE}"