From 0dd04d8efc4c846938b99f991effdc9549c62803 Mon Sep 17 00:00:00 2001
From: Sandipan Panda
Date: Sun, 17 Dec 2023 01:02:57 +0530
Subject: [PATCH] Add sbom.yml to generate SBOM Automate Software Bill of Materials (SBOM) generation with every release
Signed-off-by: Sandipan Panda
---
.github/workflows/sbom.yml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 .github/workflows/sbom.yml
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
new file mode 100644
index 000000000000..c14b31a4608e
--- /dev/null
+++ b/.github/workflows/sbom.yml
@@ -0,0 +1,25 @@
+name: Generate SBOM
+on:
+ workflow_dispatch:
+ release:
+ types: [published]
+permissions:
+ contents: read
+jobs:
+ generate_sbom_action:
+ runs-on: ubuntu-latest
+ name: Install bom and generate SBOM
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - name: Install bom
+ uses: kubernetes-sigs/release-actions/setup-bom@main
+ - name: Generage SBOM
+ run: |
+ bom generate -o minikube_${{github.ref_name}}_sbom.spdx \
+ --dirs=.\
+ - name: Upload SBOM
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh release upload ${{github.ref_name}} minikube_${{github.ref_name}}_sbom.spdx
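Review bot: The `Upload SBOM` step cannot succeed under the workflow-level `permissions: contents: read`, because attaching an asset to a release needs `contents: write`; grant that on the job rather than workflow-wide. Once the job holds a write token, `kubernetes-sigs/release-actions/setup-bom@main` should be pinned to a full commit SHA as the checkout step already is, since a mutable branch ref lets whatever is at `main` run with that token. `${{github.ref_name}}` is substituted into the script text before the shell parses it, so pass it through `env:` and quote the variable instead. On `workflow_dispatch` the ref name is normally a branch, so the upload would probably find no matching release, and the step name `Generage SBOM` and the trailing `\` after `--dirs=.` look like typos.

```yaml
jobs:
  generate_sbom_action:
    # … unchanged: runs-on, name …
    permissions:
      contents: write  # required by `gh release upload`
    steps:
      # … unchanged: checkout step …
      - name: Install bom
        # placeholder: replace with a reviewed full commit SHA
        uses: kubernetes-sigs/release-actions/setup-bom@<full-commit-sha>
      - name: Generate SBOM
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          bom generate -o "minikube_${REF_NAME}_sbom.spdx" --dirs=.
      - name: Upload SBOM
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          gh release upload "$REF_NAME" "minikube_${REF_NAME}_sbom.spdx"
```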