From 52307683c12b5e910f790c767df433791f8ec2ce Mon Sep 17 00:00:00 2001
From: Jens Henneberg
Date: Wed, 13 Mar 2024 14:38:12 +1300
Subject: [PATCH] Generate SBOM for release

Signed-off-by: Jens Henneberg
---
 .github/workflows/release.yml | 39 +++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 859a9078..899c3049 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,7 +6,7 @@ on:
       - main
 
 jobs:
-  release-package:
+  release-please:
     runs-on: ubuntu-latest
 
     steps:
@@ -16,14 +16,21 @@ jobs:
           command: manifest
           token: ${{secrets.GITHUB_TOKEN}}
           default-branch: main
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+      release_tag_name: ${{ steps.release.outputs.tag_name }}
 
+  release:
+    runs-on: ubuntu-latest
+    needs: release-please
+    if: ${{ needs.release-please.outputs.release_created }}
+
+    steps:
       - uses: actions/checkout@v4
-        if: ${{ steps.release.outputs.releases_created }}
         with:
           fetch-depth: 0
 
       - name: Setup .NET SDK
-        if: ${{ steps.release.outputs.releases_created }}
         uses: actions/setup-dotnet@v4
         env:
           NUGET_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
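Review bot: The job-level `if: ${{ needs.release-please.outputs.release_created }}` on the new `release` job tests the raw string value of a job output, so it is only correct as long as the action leaves that output unset (empty) when no release is made; should the action ever emit the literal string `false`, a non-empty string is truthy and the job would still run. Comparing explicitly, `if: ${{ needs.release-please.outputs.release_created == 'true' }}`, removes that dependence on the action's output convention. Note also that the removed step conditions read `releases_created` (plural) while the new `outputs:` map reads `release_created` (singular); in manifest mode these appear to be distinct outputs (any-path vs. root-path release), which is fine for a single root package but worth a one-line comment above `outputs:` recording why the singular form is the intended one. The `release-please` step that must carry `id: release` for `steps.release.outputs` to resolve is outside this hunk.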
@@ -34,13 +41,33 @@ jobs:
           source-url: https://nuget.pkg.github.com/open-feature/index.json
 
       - name: Install dependencies
-        if: ${{ steps.release.outputs.releases_created }}
         run: dotnet restore
 
       - name: Pack
-        if: ${{ steps.release.outputs.releases_created }}
         run: dotnet pack --no-restore
 
       - name: Publish to Nuget
-        if: ${{ steps.release.outputs.releases_created }}
         run: dotnet nuget push "src/**/*.nupkg" --api-key "${{ secrets.NUGET_TOKEN }}" --source https://api.nuget.org/v3/index.json
+
+  sbom:
+    runs-on: ubuntu-latest
+    needs: release-please
+    continue-on-error: true
+    if: ${{ needs.release-please.outputs.release_created }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install CycloneDX.NET
+        run: dotnet tool install CycloneDX
+
+      - name: Generate .NET BOM
+        run: dotnet CycloneDX --json --exclude-dev -sv "${{ needs.release-please.outputs.release_tag_name }}" ./src/OpenFeature/OpenFeature.csproj
+
+      - name: Attach SBOM to artifact
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        run:
+          gh release upload ${{ needs.release-please.outputs.release_tag_name }} bom.json
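Review bot: `dotnet tool install CycloneDX` in the new `sbom` job installs whatever version is current at run time, so the generator behind the release's SBOM is neither pinned nor reproducible, and with the job-level `continue-on-error: true` a breaking tool release would silently leave the GitHub release without `bom.json`; pin it with `run: dotnet tool install CycloneDX --version <PINNED_CYCLONEDX_VERSION>` and reconsider whether a missing SBOM should really be non-fatal for a release. Without `-g` this is a local-tool install, which needs a tool manifest (`.config/dotnet-tools.json`) that the hunk does not show — confirm one exists, or add `--create-manifest-if-needed`. The last `run:` splices `needs.release-please.outputs.release_tag_name` unquoted into the shell line (the earlier `-sv` argument is quoted); pass it as `TAG_NAME: ${{ needs.release-please.outputs.release_tag_name }}` under the step's `env:` and call `run: gh release upload "$TAG_NAME" bom.json`, matching how `GITHUB_TOKEN` is already passed. The step name `Attach SBOM to artifact` is also misleading, since `gh release upload` attaches the file to the GitHub release rather than to a workflow artifact.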