Skip to content
Create release

SBOM #32

Sign in to view logs

SBOM

SBOM #32

Workflow file for this run

.github/workflows/release.yml at 193055e
name: Create release
on:
push:
tags:
- "__v*"
permissions:
contents: write
jobs:
release:
name: Release pushed tag
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Switch to main branch
run: |
git switch main
- name: Set VERSION.txt
env:
tag: ${{ github.ref_name }}
shell: bash
run: echo "${tag:3}" > VERSION.txt
- name: Generate SBOM
run: |
curl -Lo $RUNNER_TEMP/sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
chmod +x $RUNNER_TEMP/sbom-tool
export SBOM_OUTPUT="/var/tmp/sbom_output"
rm -rf ${SBOM_OUTPUT}_python
mkdir ${SBOM_OUTPUT}_python
$RUNNER_TEMP/sbom-tool generate -m ${SBOM_OUTPUT}_python -li true -pm true -b build-and-test-webapp -bc . -pn Test -pv 1.0.0 -ps MyCompany -nsb https://sbom.mycompany.com -V Verbose
dck_cmd=`grep 'docker build' build_container.sh`
echo "DCK_CMD == ${dck_cmd}"
img=`echo ${dck_cmd} | awk '{print $4}'`
${dck_cmd}
echo "IMG = ${img}"
rm -rf ${SBOM_OUTPUT}_docker
mkdir ${SBOM_OUTPUT}_docker
$RUNNER_TEMP/sbom-tool generate -m ${SBOM_OUTPUT}_docker -li true -pm true -b . -pn Test -pv 1.0.0 -ps MyCompany -nsb https://sbom.mycompany.com -V Verbose -di ${img}
- uses: actions/upload-artifact@v3.1.0
with:
path: ${SBOM_OUTPUT}_python/_manifest/spdx_2.2/manifest.spdx.json
name: "PYTHON SBOM"
- uses: actions/upload-artifact@v3.1.0
with:
path: ${SBOM_OUTPUT}_docker/_manifest/spdx_2.2/manifest.spdx.json
name: "DOCKER SBOM"
- name: Commit and push changes
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add -A
git commit -m "Release workflow"
git push
export ver=`cat VERSION.txt`
echo "VER=$ver TAG=v$ver"
git tag "v$ver"
git push origin "v$ver"
- name: Create release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
tag: ${{ github.ref_name }}
run: |
export tag2=`cat VERSION.txt`
gh release create "v$tag2" \
--repo="$GITHUB_REPOSITORY" \
--title="${tag2}" \
--generate-notes