diff --git a/.github/workflows/build_push.yml b/.github/workflows/build_push.yml
index e36d87b..8822df4 100644
--- a/.github/workflows/build_push.yml
+++ b/.github/workflows/build_push.yml
@@ -151,12 +151,12 @@ jobs:
 docker run -v ${PWD}:/app ${{ steps.build-release.outputs.TAGGED_IMAGE }} \
 R -q -e 'write.csv(installed.packages(), file="/app/${{ steps.build-release.outputs.R_PKG_OUTPUT_FILENAME }}")'
- # - name: Generate SBOM 📃
- # uses: anchore/sbom-action@v0
- # with:
- # image: "${{ steps.build-release.outputs.TAGGED_IMAGE }}"
- # output-file: "${{ steps.build-release.outputs.SBOM_OUTPUT_FILENAME }}"
- # artifact-name: "sbom.spdx"
+ - name: Generate SBOM 📃
+ uses: anchore/sbom-action@v0
+ with:
+ image: "${{ steps.build-release.outputs.TAGGED_IMAGE }}"
+ output-file: "${{ github.workspace }}/${{ steps.build-release.outputs.SBOM_OUTPUT_FILENAME }}"
+ artifact-name: "sbom.spdx"
 - name: Upload artifacts to release ⬆️
 uses: marvinpinto/action-automatic-releases@latest
@@ -167,15 +167,16 @@ jobs:
 files: |
 ${{ steps.build-release.outputs.MANIFEST_OUTPUT_FILENAME }}
 ${{ steps.build-release.outputs.R_PKG_OUTPUT_FILENAME }}
+ ${{ steps.build-release.outputs.SBOM_OUTPUT_FILENAME }}
- sec_ops:
- if: github.ref_name == 'main'
- needs: build_publish
+ # sec_ops:
+ # if: github.ref_name == 'main'
+ # needs: build_publish
- permissions:
- security-events: write
+ # permissions:
+ # security-events: write
- name: Update security artifacts
- uses: boehringer-ingelheim/dv.ci-images/.github/workflows/secops.yml@main
- with:
- image_tag: "${{ needs.build_publish.outputs.image }}:${{ needs.build_publish.outputs.tag }}"
+ # name: Update security artifacts
+ # uses: boehringer-ingelheim/dv.ci-images/.github/workflows/secops.yml@main
+ # with:
+ # image_tag: "${{ needs.build_publish.outputs.image }}:${{ needs.build_publish.outputs.tag }}"
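Review bot: The re-enabled `Generate SBOM` step references `anchore/sbom-action@v0`, a movable tag, in a job that goes on to publish release artifacts. Pinning it to a full commit SHA (`uses: anchore/sbom-action@<full-commit-sha>  # v0.x.y`) keeps a retagged upstream release from changing what runs here. The same applies to `marvinpinto/action-automatic-releases@latest` on the context lines just below, which this change does not touch. The step also sets no `format:`, so the file presumably gets the action's default format while the artifact is named `sbom.spdx`; stating the format explicitly would make the published SBOM type unambiguous. The job body starts and continues outside the hunk.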
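Review bot: The `sec_ops` job is commented out in the same change that adds the SBOM to the release `files:` list, with nothing saying why or when it returns. Judging by its name and its `security-events: write` permission, it uploads security findings for the published image, and an SBOM alone does not replace that. If the disablement is intentional, put a line above the block such as `# sec_ops disabled temporarily: <reason / tracking issue>`, or delete the job and restore it from history rather than leaving dead YAML. When it is re-enabled, the reusable workflow reference `secops.yml@main` is also a moving ref and would be better pinned to a commit SHA.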