✨ add sbom generation
Yoan Moscatelli committed Mar 29, 2024
1 parent 14f7a85 commit cedc142
Showing 3 changed files with 84 additions and 0 deletions.
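--- a/.github/workflows/generate-sbom.yaml
+++ b/.github/workflows/generate-sbom.yaml
@@ -0,0 +1,71 @@
+name: "Generate sbom"
+
+on:
+workflow_call:
+inputs:
+ref:
+description: "the git revision to checkout"
+default: ${{ github.ref }}
+required: false
+type: string
+
+jobs:
+generate-sbom:
+runs-on: ubuntu-22.04
+steps:
+- name: Cleanup some unused ressources
+run: |-
+sudo rm -rf /usr/local/lib/android
+sudo rm -rf /usr/share/dotnet
+- name: Create directories
+shell: bash
+run: |
+mkdir -p metalk8s_sbom/repo
+mkdir -p metalk8s_sbom/sbom
+- name: Checkout
+uses: actions/checkout@v4
+with:
+ref: ${{ inputs.ref }}
+path: metalk8s_sbom/repo/metalk8s
+
+- name: Scan metalk8s repository
+uses: scality/sbom@v1
+with:
+repo: metalk8s
+input_path: metalk8s_sbom/repo/metalk8s
+output_path: metalk8s_sbom/sbom
+
+- name: Generate archive
+shell: bash
+run: |
+cd metalk8s_sbom/sbom
+tar -czf sbom_metalk8s.tar.gz *.json
+- name: Clean up
+shell: bash
+run: |
+rm -rf metalk8s_sbom/repo
+rm -f metalk8s_sbom/sbom/*.json
+- name: Upload SBOM to artifacts
+uses: scality/action-artifacts@v4
+with:
+method: upload
+url: https://artifacts.scality.net
+user: ${{ secrets.artifacts_user }}
+password: ${{ secrets.artifacts_password }}
+source: metalk8s_sbom/
+
+- name: Checkout repo
+uses: actions/checkout@v4
+
+- name: Generate Job result
+if: always()
+uses: ./.github/actions/generate-job-result
+with:
+name: generate-sbom
+ARTIFACTS_USER: ${{ secrets.ARTIFACTS_USER }}
+ARTIFACTS_PASSWORD: ${{ secrets.ARTIFACTS_PASSWORD }}
+GIT_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}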
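Review bot: The `Scan metalk8s repository` and `Upload SBOM to artifacts` steps reference `scality/sbom@v1` and `scality/action-artifacts@v4` by mutable tag in a job that holds the artifacts credentials, so whatever those tags point to at run time executes with them; pinning each to a full commit SHA (`uses: scality/sbom@<full-commit-sha> # v1`) fixes the code that produces and uploads the SBOM. The first `Checkout` step also keeps the default `persist-credentials: true`, which leaves the job token in `.git/config` under `metalk8s_sbom/repo/metalk8s`, the directory handed to the scanner; adding `persist-credentials: false` to that step's `with:` avoids it. The workflow sets no `permissions:` block either, so the token scope is whatever the repository default grants; an explicit block is worth adding once the scopes needed by `generate-job-result` are confirmed.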
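--- a/.github/workflows/nightly.yaml
+++ b/.github/workflows/nightly.yaml
@@ -205,6 +205,10 @@ jobs:
 nodes-count: 2
 k8s-conformance: true
 
+generate-sbom:
+uses: ./.github/workflows/generate-sbom.yaml
+secrets: inherit
+
 write-final-failed-status:
 runs-on: ubuntu-22.04
 needs:
@@ -213,6 +217,7 @@ jobs:
 - install
 - bootstrap-restore
 - k8s-conformance
+- generate-sbom
 if: failure()
 steps:
 - name: Checkout
@@ -240,6 +245,7 @@ jobs:
 - install
 - bootstrap-restore
 - k8s-conformance
+- generate-sbom
 if: success()
 steps:
 - name: Checkout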
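Review bot: `secrets: inherit` on the new `generate-sbom` job passes every secret available to the nightly workflow into the reusable workflow, although `generate-sbom.yaml` as added in this commit reads only the artifacts user and password besides the automatic `GITHUB_TOKEN`. Declaring those two under `on.workflow_call.secrets` in `generate-sbom.yaml` and passing them by name here (`ARTIFACTS_USER: ${{ secrets.ARTIFACTS_USER }}` and `ARTIFACTS_PASSWORD: ${{ secrets.ARTIFACTS_PASSWORD }}` under `secrets:`) keeps the SBOM job to the credentials it actually uses. The same applies to the `generate-sbom` call added in `promote.yaml`. The `jobs:` mapping starts and continues outside these hunks.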
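--- a/.github/workflows/promote.yaml
+++ b/.github/workflows/promote.yaml
@@ -10,9 +10,16 @@ jobs:
 uses: ./.github/workflows/build.yaml
 secrets: inherit
 
+generate-sbom:
+needs:
+- build
+uses: ./.github/workflows/generate-sbom.yaml
+secrets: inherit
+
 promote-artifacts:
 needs:
 - build
+- generate-sbom
 runs-on: ubuntu-20.04
 outputs:
 artifact-link: ${{ steps.promote.outputs.link }}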
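Review bot: The new `generate-sbom` call passes no `with: ref:`, so the reusable workflow falls back to its default `${{ github.ref }}` and the SBOM describes whatever ref triggered the promotion. The trigger and inputs of `promote.yaml` are outside this hunk; if the workflow promotes a revision chosen by an input rather than the triggering ref, the SBOM and the promoted artifacts could come from different revisions, and the call should pass that revision explicitly (`with:` then `ref: <revision being promoted>`). `promote-artifacts` now also waits on `generate-sbom`, so a scanner or upload failure blocks promotion; a one-line comment above its `needs:` stating that this gating is intended would help the next maintainer.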
