ci: Generate SBOM #245
Merged
ci: Generate SBOM #245
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jenshenneberg
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #245 +/- ##
=======================================
Coverage 94.47% 94.47%
=======================================
Files 27 27
Lines 1104 1104
Branches 119 119
=======================================
Hits 1043 1043
Misses 37 37
Partials 24 24 ☔ View full report in Codecov by Sentry. |
|
Wow thanks @jenshenneberg ! I will review this carefully tomorrow. |
beeme1mr
approved these changes
Mar 12, 2024
Signed-off-by: Jens Henneberg <[email protected]>
|
Comment addressed (after some GitHub challenges). |
jenshenneberg
force-pushed
the
generatesbom
branch
2 times, most recently
from
42fa07a to
5230768
Compare
toddbaert
approved these changes
Mar 13, 2024
benjiro
approved these changes
Mar 13, 2024
askpt
approved these changes
Mar 14, 2024
arttonoyan
pushed a commit
to arttonoyan/dotnet-sdk
that referenced
this pull request
Nov 17, 2024
## This PR Generates Software Bill of Materials (SBOM) as described in open-feature#159. Once NuGet/Home#12497 is implemented, the SBOM file(s) should be embedded in the published nuget packages. Until then, I've added the SBOM as an asset under the release. ### Known issue The SBOM file lists the dependences for all target frameworks combined. Once the above [NuGet ](NuGet/Home#12497 is implemented, it should be changed, so there is one sbom created for each target framework with only the applicable references included. ### Related Issues Fixes open-feature#159 ### How to test Unfortunately, this is somewhat cumbersome to test, as the logic in question only kicks in upon a release from the main branch. I've tested it myself this way: - Create new fork of this repo - Merge this branch to main in the new repo - Create a release in the new repo Signed-off-by: Jens Henneberg <[email protected]> Co-authored-by: André Silva <[email protected]> Signed-off-by: Artyom Tonoyan <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR
Generates Software Bill of Materials (SBOM) as described in #159. Once NuGet/Home#12497 is implemented, the SBOM file(s) should be embedded in the published nuget packages. Until then, I've added the SBOM as an asset under the release.
Known issue
The SBOM file lists the dependences for all target frameworks combined. Once the above NuGet issue is implemented, it should be changed, so there is one sbom created for each target framework with only the applicable references included.
Related Issues
Fixes #159
How to test
Unfortunately, this is somewhat cumbersome to test, as the logic in question only kicks in upon a release from the main branch. I've tested it myself this way: