Add sbom.yml to generate SBOM
Automate Software Bill of Materials (SBOM) generation with every release

Signed-off-by: Sandipan Panda <[email protected]>
sandipanpanda committed Dec 16, 2023
1 parent 4427079 commit 0dd04d8
Showing 1 changed file with 25 additions and 0 deletions.
25 changes: 25 additions & 0 deletions .github/workflows/sbom.yml
@@ -0,0 +1,25 @@
name: Generate SBOM
on:
workflow_dispatch:
release:
types: [published]
permissions:
contents: read
jobs:
generate_sbom_action:
runs-on: ubuntu-latest
name: Install bom and generate SBOM
steps:
- name: Checkout repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Install bom
uses: kubernetes-sigs/release-actions/setup-bom@main
- name: Generage SBOM
run: |
bom generate -o minikube_${{github.ref_name}}_sbom.spdx \
--dirs=.\
- name: Upload SBOM
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload ${{github.ref_name}} minikube_${{github.ref_name}}_sbom.spdx
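
Review bot: The top-level `permissions` block grants only `contents: read`, but the "Upload SBOM" step calls `gh release upload` with `GITHUB_TOKEN`, and attaching an asset to a release needs `contents: write`, so the upload will be rejected as written. Keep the workflow default at read and grant `contents: write` on the `generate_sbom_action` job only. Because that job will then hold a write-capable token, `kubernetes-sigs/release-actions/setup-bom@main` should be pinned to a commit SHA the same way `actions/checkout` is, rather than tracking a mutable branch. `${{github.ref_name}}` is expanded straight into the script text of both `run` steps; pass it in through `env` and reference it as a quoted shell variable instead. On the `workflow_dispatch` trigger `ref_name` is a branch name, so `gh release upload` will have no matching release to attach to; either drop that trigger or take the tag as an input. Minor: the trailing `\` after `--dirs=.` continues onto nothing and can be removed, and the step name "Generage SBOM" is a typo for "Generate SBOM".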
