Skip to content

Commit a154e01

Browse files
sethmlarsonezio-melotti
sethmlarson
and
ezio-melotti
authored
Apply suggestions from code review
Co-authored-by: Ezio Melotti <[email protected]>
1 parent cefc01d commit a154e01

File tree

1 file changed

+13
-8
lines changed

1 file changed

+13
-8
lines changed

developer-workflow/sbom.rst

Lines changed: 13 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -111,17 +111,22 @@ When removing a dependency:
111111
Updating external dependencies (cpython-source-deps)
112112
----------------------------------------------------
113113

114-
Dependencies for Windows CPython builds are `stored in a separate repository <https://github.com/python/cpython-source-deps>`_
115-
and then fetched during builds of CPython for Windows in the script :cpy-file:`PCbuild/get_externals.bat`.
114+
Dependencies for Windows CPython builds are `stored in a separate repository
115+
<https://github.com/python/cpython-source-deps>`_ and then fetched during
116+
builds of CPython for Windows in the script :cpy-file:`PCbuild/get_externals.bat`.
116117

117-
In this script the libraries to fetch are designated by ``{name}-{version}`` Git refs being added to the ``libraries`` variable.
118-
SBOM tooling in the CPython repository matches these Git refs in order to build the :cpy-file:`Misc/externals.spdx.json`
119-
SBOM file.
118+
In this script the libraries to fetch are designated by ``{name}-{version}``
119+
Git refs being added to the ``libraries`` variable.
120+
SBOM tooling in the CPython repository matches these Git refs in order
121+
to build the :cpy-file:`Misc/externals.spdx.json` SBOM file.
120122

121123
When updating external dependencies for a CPython branch:
122124

123-
1. Push the update to the ``cpython-source-deps`` repository and create a new Git tag.
125+
1. Push the update to the ``cpython-source-deps`` repository and
126+
create a new Git tag.
124127
2. Update the entry for the project in ``get_externals.bat``.
125-
3. Run ``make regen-sbom`` or ``PCbuild/build.bat --regen`` in the CPython source repository.
126-
4. Verify the metadata (like version, download location) in ``externals.spdx.json`` SBOM is updated as expected with ``git diff``.
128+
3. Run ``make regen-sbom`` or ``PCbuild/build.bat --regen``
129+
in the CPython source repository.
130+
4. Use ``git diff`` to verify that the metadata (like version, download location)
131+
in ``externals.spdx.json`` SBOM is updated as expected.
127132
5. Commit the changes and have them merged together.

0 commit comments

Comments
 (0)