Skip to content

Commit 1aed2d6

Browse files
committed
chore: Build auf Gitlab und SBOM Generierung für Flowable Modeler Server (#2071283)
fix build
1 parent 1e7eb60 commit 1aed2d6

1 file changed

Lines changed: 35 additions & 43 deletions

File tree

.github/workflows/sbom.yml

Lines changed: 35 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -23,50 +23,42 @@ jobs:
2323
#- name: Save Docker image
2424
# run: docker save my-image:tag -o image.tar
2525

26-
sbom:
27-
name: Generate merged SBOM
28-
if: github.event_name == 'release' || (github.ref_name == 'main' && github.event_name != 'pull_request')
29-
runs-on: ubuntu-latest
30-
needs: build_java_and_docker
31-
steps:
32-
- uses: actions/checkout@v6
33-
34-
- name: Create SBOM for Jars
35-
run: |
36-
mvn -T 1C org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
26+
- name: Create SBOM for Jars
27+
run: |
28+
mvn -T 1C org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
3729
38-
#- name: Build an image from Dockerfile
39-
# run: docker build -t docker.io/adito/flowable:${{ github.ref_name }} .
40-
- name: Run Trivy vulnerability scanner
41-
uses: aquasecurity/trivy-action@0.35.0
42-
with:
43-
image-ref: 'flowable:${{ github.ref_name }}'
44-
format: 'cyclonedx'
45-
output: 'target/trivy.json'
30+
#- name: Build an image from Dockerfile
31+
# run: docker build -t docker.io/adito/flowable:${{ github.ref_name }} .
32+
- name: Run Trivy vulnerability scanner
33+
uses: aquasecurity/trivy-action@0.35.0
34+
with:
35+
image-ref: 'adito/flowable:${{ github.ref_name }}'
36+
format: 'cyclonedx'
37+
output: 'target/trivy.json'
4638

47-
- name: Merge + validate (CycloneDX CLI via Docker)
48-
run: |
49-
docker run --rm \
50-
-v "${GITHUB_WORKSPACE}:/work" \
51-
-w /work \
52-
cyclonedx/cyclonedx-cli \
53-
merge --input-files target/bom.json target/trivy.json --output-file target/combined-sbom.json
39+
- name: Merge + validate (CycloneDX CLI via Docker)
40+
run: |
41+
docker run --rm \
42+
-v "${GITHUB_WORKSPACE}:/work" \
43+
-w /work \
44+
cyclonedx/cyclonedx-cli \
45+
merge --input-files target/bom.json target/trivy.json --output-file target/combined-sbom.json
5446
55-
- name: Convert combined SBOM to CycloneDX 1.6
56-
run: |
57-
docker run --rm \
58-
-v "${GITHUB_WORKSPACE}:/work" \
59-
-w /work \
60-
cyclonedx/cyclonedx-cli \
61-
convert --input-file target/combined-sbom.json --output-file target/combined-sbom-1.6.json --output-version v1_6 --output-format json
47+
- name: Convert combined SBOM to CycloneDX 1.6
48+
run: |
49+
docker run --rm \
50+
-v "${GITHUB_WORKSPACE}:/work" \
51+
-w /work \
52+
cyclonedx/cyclonedx-cli \
53+
convert --input-file target/combined-sbom.json --output-file target/combined-sbom-1.6.json --output-version v1_6 --output-format json
6254
63-
- name: Upload SBOM to Dependency-Track
64-
uses: DependencyTrack/gh-upload-sbom@48feab3080ff9e8f51f4d21861d9fc914eb744f5
65-
with:
66-
serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
67-
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
68-
projectName: ${{ github.event.repository.name }}
69-
projectVersion: ${{ github.ref_name }}
70-
projectTags: 'flowable-modeler,${{ github.event.repository.name }}'
71-
bomFilename: "target/combined-sbom-1.6.json"
72-
autoCreate: true
55+
- name: Upload SBOM to Dependency-Track
56+
uses: DependencyTrack/gh-upload-sbom@48feab3080ff9e8f51f4d21861d9fc914eb744f5
57+
with:
58+
serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
59+
apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
60+
projectName: ${{ github.event.repository.name }}
61+
projectVersion: ${{ github.ref_name }}
62+
projectTags: 'flowable-modeler,${{ github.event.repository.name }}'
63+
bomFilename: "target/combined-sbom-1.6.json"
64+
autoCreate: true

0 commit comments

Comments
 (0)