firestack/.github/workflows/xbom.yaml at n2 · celzero/firestack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
name: Cryptography BoM

on:
  workflow_dispatch:

jobs:

  # github.com/advanced-security/cbom-action
  build-matrix:
    name: 🚏 Repo analysis
    runs-on: ubuntu-latest
    outputs:
      repositories: ${{ steps.rm.outputs.repositories }}
    steps:
      - name: 🚀 Build analysis matrix
        uses: advanced-security/cbom-action/build-matrix@v1
        id: rm
        with:
          repositoryNameWithOwner: ${{ github.repository }}
          analyzeDependencies: true
          minimumLanguageBytes: 0

  run-cbom-action:
    name: 📜 ${{ fromJson(matrix.repository).nameWithOwner }} - ${{ fromJson(matrix.repository).language }}
    runs-on: ubuntu-latest
    needs: build-matrix
    continue-on-error: true
    strategy:
      fail-fast: false
      matrix:
        repository: ${{ fromJSON(needs.build-matrix.outputs.repositories) }}

    steps:
      - name: 💈 CBOM run
        uses: advanced-security/cbom-action/analyze@d5f28cfce2a516c74cae4ebb296a427eb51f62ec # 11 Dec 25
        with:
          repositoryNameWithOwner: ${{ fromJson(matrix.repository).nameWithOwner }}
          language: ${{ fromJson(matrix.repository).language }}
          createCodeQLDatabaseIfRequired: true
          uploadToCodeScanning: false
          requestGitHubAnalysis: false
          queryTimeout: 500

  cbom-summary:
    name: 🌋 CBOM results
    runs-on: ubuntu-latest
    needs: run-cbom-action
    steps:
      - name: 🔅 Summarize
        uses: advanced-security/cbom-action/workflow-summary@d5f28cfce2a516c74cae4ebb296a427eb51f62ec # 11 Dec 25