
Commit b447dfb

Change: Run sbom build before compose update
1 parent 4911943 commit b447dfb

1 file changed

Lines changed: 20 additions & 15 deletions


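--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -76,8 +76,23 @@ jobs:
 outputs:
 matrix: ${{ steps.upgrade.outputs.matrix }}
 
-harbor-replication:
+push-sbom:
+name: Scan image and push SBOM
+if: ${{ needs.push-postgres.outputs.matrix }}
 needs: push-postgres
+uses: greenbone/workflows/.github/workflows/generate-and-push-sbom-with-trivy-3rd-gen.yml@main
+with:
+image-url: "${{ vars.GREENBONE_REGISTRY}}/opensight-dev/opensight-postgres:${{ inputs.version }}"
+image-registry-username-secret-name: "GREENBONE_REGISTRY_READ_USER"
+image-registry-password-secret-name: "GREENBONE_REGISTRY_READ_TOKEN"
+output-file-name: 'opensight-postgres.${{ inputs.version }}.sbom.json'
+artifact-url: "${{ vars.GREENBONE_REGISTRY }}/opensight-dev/opensight-postgres-sbom:${{ inputs.version }}"
+secrets: inherit
+
+harbor-replication:
+needs:
+- push-postgres
+- push-sbom
 runs-on: self-hosted-generic
 steps:
 - name: Trigger harbor replication
@@ -94,7 +109,10 @@ jobs:
 -d '{"policy_id": 1}'
 
 push-service:
-needs: push-postgres
+needs:
+- push-postgres
+- push-sbom
+- harbor-replication
 if: ${{ needs.push-postgres.outputs.matrix }}
 runs-on: ubuntu-latest
 strategy:
@@ -111,16 +129,3 @@ jobs:
 repository: "greenbone/automatix"
 workflow: "push.yml"
 inputs: '{"service": "${{ matrix.service }}", "image-url": "${{ matrix.image-url }}", "digest": "${{ matrix.digest }}", "version": "${{ matrix.version }}"}'
-
-generate-and-push-sbom-trivy:
-name: Scan image and push SBOM
-if: ${{ needs.push-postgres.outputs.matrix }}
-needs: push-postgres
-uses: greenbone/workflows/.github/workflows/generate-and-push-sbom-with-trivy-3rd-gen.yml@main
-with:
-image-url: "${{ vars.GREENBONE_REGISTRY}}/opensight-dev/opensight-postgres:${{ inputs.version }}"
-image-registry-username-secret-name: "GREENBONE_REGISTRY_READ_USER"
-image-registry-password-secret-name: "GREENBONE_REGISTRY_READ_TOKEN"
-output-file-name: 'opensight-postgres.${{ inputs.version }}.sbom.json'
-artifact-url: "${{ vars.GREENBONE_REGISTRY }}/opensight-dev/opensight-postgres-sbom:${{ inputs.version }}"
-secrets: inherit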
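Review bot: The `push-sbom` job in the first hunk calls the reusable workflow at the mutable ref `@main` while passing `secrets: inherit`, so whatever is on that branch of greenbone/workflows at run time executes with every secret this caller can see, and this job now gates both `harbor-replication` and `push-service`. Pin the call to a reviewed commit, `uses: greenbone/workflows/.github/workflows/generate-and-push-sbom-with-trivy-3rd-gen.yml@<full-commit-sha>`. The `*-secret-name` inputs suggest the callee looks secrets up by name, which would explain `inherit`; if that can be changed, an explicit `secrets:` map holding only the two registry read credentials would narrow the exposure. Separately, `harbor-replication` now needs `push-sbom`, which carries `if: ${{ needs.push-postgres.outputs.matrix }}`, and no `if:` is visible on the replication job in this hunk (its steps continue outside it). When that output is empty the SBOM job is skipped and the replication job is presumably skipped with it, which the old `needs: push-postgres` did not cause, so confirm that is intended.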
