Move SBOM feature behind env var feature flag

buildpacks/maven/src/main.rs

@@ -251,34 +251,42 @@ impl Buildpack for MavenBuildpack {
             MavenBuildpackError::MavenBuildUnexpectedExitCode,
         )?;
 
-        let sbom_dir = std::env::temp_dir().join("heroku-maven-sbom");
-        fs::create_dir_all(&sbom_dir)
-            .map_err(MavenBuildpackError::CannotCreateTemporarySbomDirectory)?;
-
-        util::run_command(
-            Command::new(&mvn_executable)
-                .current_dir(&context.app_dir)
-                .args(
-                    maven_options.iter().chain(&internal_maven_options).chain(
-                        [
-                            format!("-DoutputDirectory={}", sbom_dir.to_string_lossy()),
-                            String::from("-DschemaVersion=1.4"),
-                            String::from("org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom"),
-                        ]
-                        .iter(),
-                    ),
-                )
-                .envs(&mvn_env),
-            MavenBuildpackError::MavenBuildIoError,
-            MavenBuildpackError::MavenBuildUnexpectedExitCode,
-        )?;
-
         let mut build_result_builder = BuildResultBuilder::new();
 
-        let launch_sbom = Sbom::from_path(SbomFormat::CycloneDxJson, sbom_dir.join("bom.json"))
-            .map_err(MavenBuildpackError::CannotReadMavenSbomFile)?;
+        if current_or_platform_env
+            .get("ENABLE_EXPERIMENTAL")
+            .is_some_and(|value| value == "true")
+        {
+            let sbom_dir = std::env::temp_dir().join("heroku-maven-sbom");
+            fs::create_dir_all(&sbom_dir)
+                .map_err(MavenBuildpackError::CannotCreateTemporarySbomDirectory)?;
+
+            util::run_command(
+                Command::new(&mvn_executable)
+                    .current_dir(&context.app_dir)
+                    .args(
+                        maven_options.iter().chain(&internal_maven_options).chain(
+                            [
+                                format!("-DoutputDirectory={}", sbom_dir.to_string_lossy()),
+                                String::from("-DoutputName=bom"),
+                                String::from("-DschemaVersion=1.4"),
+                                String::from(
+                                    "org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom",
+                                ),
+                            ]
+                            .iter(),
+                        ),
+                    )
+                    .envs(&mvn_env),
+                MavenBuildpackError::MavenBuildIoError,
+                MavenBuildpackError::MavenBuildUnexpectedExitCode,
+            )?;
 
-        build_result_builder = build_result_builder.launch_sbom(launch_sbom);
+            let launch_sbom = Sbom::from_path(SbomFormat::CycloneDxJson, sbom_dir.join("bom.json"))
+                .map_err(MavenBuildpackError::CannotReadMavenSbomFile)?;
+
+            build_result_builder = build_result_builder.launch_sbom(launch_sbom);
+        }
 
         if let Some(process) = framework::default_app_process(&context.app_dir)
             .map_err(MavenBuildpackError::DefaultAppProcessError)?

buildpacks/maven/tests/integration/sbom.rs

@@ -7,7 +7,7 @@ use serde_cyclonedx::cyclonedx::v_1_4::{Component, CycloneDx, HashAlg};
 #[test]
 #[ignore = "integration test"]
 pub(crate) fn sbom() {
-    TestRunner::default().build(default_build_config("test-apps/simple-http-service"), |context| {
+    TestRunner::default().build(default_build_config("test-apps/simple-http-service").env("ENABLE_EXPERIMENTAL", "true"), |context| {
         context.download_sbom_files(|sbom_files| {
             let sbom_path = sbom_files.path_for(
                 buildpack_id!("heroku/maven"),