HIVE-28244: Add SBOM for storage-api and standalone-metastore modules

[Aggarwal-Raghav]

What changes were proposed in this pull request?

-Pdist profile present in parent pom.xml doesn't come into effect for storage-api module and standalone-metastore module.

Why are the changes needed?

Publish SBOM for standalone-metastore and storage-api module

Does this PR introduce any user-facing change?

NO

Is the change a dependency upgrade?

NO

How was this patch tested?

Tested via my local .m2 repository cache. After the fix, it is creating the "-cyclonedx.json" and "-cyclonedx.xml" for storage-api and standalone-metastore.

[Aggarwal-Raghav]

@zabetak, can you please help with review?

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[Aggarwal-Raghav]

@ayushtkn , can you please help with the review?

[deniskuzZ]

LGTM
@Aggarwal-Raghav, do you know how storage-api artifacts are used? I haven't seen that those were created for 3.x, 4.x releases

[Aggarwal-Raghav]

@deniskuzZ thanks for the review,

In branch-3, the version of storage-api is 2.6.1 (in my opinion, it is wrong version, it should be 3.2.0 now) and,
In branch-3.1, the storage api module is not getting build as it not present in the module list in pom.xml (not sure about the reason, why it was removed)

hive/pom.xml

Line 34 in bdf3285

<module>accumulo-handler</module>

, instead we are using 2.7.0 version and getting from artifactory,

hive/pom.xml

Line 198 in bdf3285

<storage-api.version>2.7.0</storage-api.version>

That's why storage-api jars for 3.x are missing in artifactory
For hive 4.x, this has been fixed and it is generating the artifacts.

Not entirely sure about the usage of storage-api module, please refer to this HIVE-10171