Skip to content
Generate SBOM

Generate SBOM #20

Sign in to view logs

Generate SBOM

Generate SBOM #20

Workflow file for this run

.github/workflows/sbom.yaml at 0a1c53b
name: Generate SBOM
on:
workflow_dispatch:
jobs:
sbom:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Set up PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.2'
- name: Install jq
run: sudo apt-get install jq
- name: Install SSH Key # this is necessary for Composer to be able to clone source from pimcore/ee-pimcore
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.SSH_PRIVATE_KEY_PIMCORE_DEPLOYMENTS_USER }}
known_hosts: ".... we add this in the next step ;-)"
- name: "Add authentication for private pimcore packages"
run: |
composer config repositories.private-packagist composer https://repo.pimcore.com/github-actions/
composer config --global --auth http-basic.repo.pimcore.com github-actions ${{ secrets.COMPOSER_PIMCORE_REPO_PACKAGIST_TOKEN }}
- name: Read and modify composer.json
id: update_composer
run: |
original_content=$(<composer.json)
for conflict in $(echo "$original_content" | jq -r '.conflict | to_entries[] | @base64'); do
_jq() {
echo ${conflict} | base64 --decode | jq -r ${1}
}
package_name=$(_jq '.key')
composer require "$package_name:*" --no-update
done
- name: Allow SBOM Plugin
run: composer config --no-plugins allow-plugins.cyclonedx/cyclonedx-php-composer true
- name: Install SBOM Plugin
run: composer require cyclonedx/cyclonedx-php-composer
- name: CREATE SBOM
run: composer CycloneDX:make-sbom --output-file=sbom.json --output-format=json --spec-version=1.6
- name: Commit and Push Changes
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "Update sbom."
file_pattern: "sbom.json"