From 132d7065a81eb0ed6a9d463807c9da4a41438b85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Liisa=20R=C3=A4tsep?=
Date: Wed, 29 Jun 2022 18:58:24 +0300
Subject: [PATCH] split build into jobs
---
 .github/workflows/docker-publish.yml | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 652f6c0..fa64f09 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,4 +1,4 @@
-name: Docker
+name: Docker build
 on:
 push:
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
- contents: write
+ contents: read
 packages: write
 steps:
@@ -75,6 +75,36 @@ jobs:
 cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LOWER }}:latest
 cache-to: type=inline
+ sbom:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ packages: read
+
+ steps:
+
+ - name: Extract semver
+ id: get_version
+ uses: battila7/get-version-action@v2
+
+ # Lowercase image name, as mixed case is not allowed while caching
+ - name: lowercase IMAGE_NAME
+ run: |
+ echo "IMAGE_NAME_LOWER=${IMAGE_NAME,,}" >>${GITHUB_ENV}
+ env:
+ IMAGE_NAME: '${{ env.IMAGE_NAME }}'
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
 - name: Generate SBOM
 uses: anchore/sbom-action@v0.11.0
 with:
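Review bot: The new `sbom` job holds `contents: write` yet runs `battila7/get-version-action@v2` (and, in the trailing context, `anchore/sbom-action@v0.11.0`) by mutable tag, while `docker/login-action` in the same job is pinned to a full commit SHA. A moved or compromised tag would execute with a write-scoped `GITHUB_TOKEN`, so pin these the same way, e.g. `uses: battila7/get-version-action@<full-commit-sha>  # v2` (placeholder; resolve the SHA from the action's repository). The job also declares no `needs:`, so it can start in parallel with the image build; the `with:` block of the Generate SBOM step continues outside the hunk, but if it scans the registry image, the SBOM may describe a previously pushed `latest` rather than the image this run produces. Consider adding `needs: <build-job-id>` under `sbom:` (the build job's id is not visible in these hunks).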