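---
# Builds the BlueChi RPMs inside the project's build container and produces
# SPDX and CycloneDX SBOMs for them with sbom4rpms. Manual trigger only.
name: Software Bill of Materials

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the job only reads the repository.
# actions/upload-artifact uses the runtime token, not GITHUB_TOKEN, so no
# write scope is required for the upload.
permissions:
  contents: read

jobs:
  sbom:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): a mutable `latest` tag makes the SBOM run non-reproducible
      # and trusts whoever can push to the registry; pin the image by digest
      # (`image@sha256:...`) once one is agreed on.
      image: quay.io/bluechi/build-base:latest
    env:
      ARTIFACTS_DIR: /tmp/bluechi-artifacts
      # Single source of truth for the SBOM output location, used by both the
      # generator and the upload step.
      SBOM_DIR: /tmp/bluechi-sboms
    steps:
      - name: Checkout sources
        # NOTE(review): consider pinning third-party actions to a commit SHA
        # rather than a floating major tag.
        uses: actions/checkout@v4
        with:
          # Full history and submodules are fetched because sbom4rpms is later
          # pointed at this checkout via --git-dir.
          fetch-depth: 0
          submodules: 'true'
          # NOTE(review): a bare ref name is ambiguous if a branch and a tag
          # share a name; `${{ github.ref }}` would keep the refs/ prefix.
          ref: ${{ github.ref_name }}

      - name: Mark source directory as safe
        # git refuses to operate on a repository owned by another user; the
        # runner's checkout is typically not owned by the container user.
        run: |
          git config --global --add safe.directory "$(pwd)"

      - name: Perform build
        run: |
          ./build-scripts/build-rpm.sh "$ARTIFACTS_DIR"

      - name: Create DNF repository
        run: |
          createrepo_c "$ARTIFACTS_DIR"

      - name: Install RPMs and dependencies
        run: |
          dnf install -y python3-dasbus
          # --repo enables only the just-built local repository (it is a
          # shortcut for --disablerepo='*' --enablerepo=bluechi-rpms), so
          # --nogpgcheck waives signature verification solely for our own
          # unsigned RPMs, not for packages from the distribution repos.
          # Any remaining dependencies must already be present in the image.
          dnf install -y \
            --repo bluechi-rpms \
            --repofrompath bluechi-rpms,file://"$ARTIFACTS_DIR" \
            --nogpgcheck \
            --nodocs \
            bluechi-controller \
            bluechi-agent \
            bluechi-ctl \
            bluechi-selinux \
            python3-bluechi

      - name: Install SBOM4RPMs
        run: |
          python3 -m ensurepip --default-pip
          # NOTE(review): the SBOM generator itself is installed unpinned from
          # PyPI; pin a version (ideally with --require-hashes) so the tool
          # describing the supply chain is not itself a floating dependency.
          python3 -m pip install sbom4rpms

      - name: Run SBOM analysis
        run: |
          mkdir -p "$SBOM_DIR"
          # SPDX output including the dependency closure, followed by a
          # CycloneDX output without --collect-dependencies.
          sbom4rpms \
            --rpm-dir="$ARTIFACTS_DIR" \
            --sbom-dir="$SBOM_DIR" \
            --git-dir=./ \
            --sbom-format=spdx \
            --collect-dependencies
          sbom4rpms \
            --rpm-dir="$ARTIFACTS_DIR" \
            --sbom-dir="$SBOM_DIR" \
            --sbom-format=cyclonedx

      - name: Upload SBOMs
        uses: actions/upload-artifact@v4
        with:
          name: bluechi-sboms
          path: ${{ env.SBOM_DIR }}
          # Fail the job rather than silently publishing an empty artifact if
          # the generator produced nothing.
          if-no-files-found: error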