Another path issue? #10
name: Build Hugo Site And Generate SBOM

# Triggers: pushes to the listed branches, plus manual runs from the Actions tab.
on:
  push:
    branches:
      - main
      - add-sbom-workflow
  workflow_dispatch:

# Workflow-wide environment, visible to every job and step.
env:
  # The SBOM file name is built from these two values.
  COMPONENT_NAME: shiftleftcyber.github.io
  COMPONENT_VERSION: ${{ github.sha }}
  # Latest versions as of 2025-10-14
  # Quoted so the values stay strings however the file is parsed.
  GO_VERSION: '1.25.3'
  HUGO_VERSION: '0.151.0'
  NODE_VERSION: '24.10.0'
  TZ: America/Toronto

# GITHUB_TOKEN scopes for every job that does not declare its own `permissions:`.
# NOTE(review): no deploy step is visible in this file; confirm that
# `pages: write` and `id-token: write` are still needed, since they also reach
# the job that passes secrets to third-party actions.
permissions:
  contents: read
  pages: write
  id-token: write

# Runs in this group are queued; an in-progress run is not cancelled.
concurrency:
  group: 'pages'
  cancel-in-progress: false

# Every `run:` step uses bash unless it sets its own shell.
defaults:
  run:
    shell: bash
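jobs:
  # Builds the Hugo site under ./marketing and uploads ./marketing/public as the
  # Pages artifact.
  #
  # NOTE(security): every `uses:` in this file references a mutable tag. Pinning
  # each one to a full commit SHA (for example
  # `actions/checkout@<FULL_COMMIT_SHA>  # v5`) stops a moved tag from changing
  # what runs here.
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          submodules: recursive
          fetch-depth: 0
          # No later step talks to the remote, so do not leave the token in
          # .git/config for the rest of the job.
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Setup Pages
        id: pages
        uses: actions/configure-pages@v5

      - name: Create directory for user-specific executable files
        run: |
          mkdir -p "${HOME}/.local"

      # Downloads the pinned Hugo release and checks it before it is unpacked
      # and put on PATH.
      - name: Install Hugo
        run: |
          archive="hugo_extended_${HUGO_VERSION}_linux-amd64.tar.gz"
          checksums="hugo_${HUGO_VERSION}_checksums.txt"
          release_url="https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}"
          # --fail turns an HTTP error into a step failure instead of saving
          # the error page under the archive name.
          curl --fail --silent --show-error --location --output "${archive}" "${release_url}/${archive}"
          curl --fail --silent --show-error --location --output "${checksums}" "${release_url}/${checksums}"
          # Refuse to unpack an archive whose SHA-256 differs from the one
          # published with the release. The checksum file comes from the same
          # release, so this catches corrupt or truncated downloads; keeping the
          # expected digest in this repository would also catch a replaced asset.
          sha256sum --check --ignore-missing "${checksums}"
          mkdir "${HOME}/.local/hugo"
          tar -C "${HOME}/.local/hugo" -xf "${archive}"
          rm "${archive}" "${checksums}"
          echo "${HOME}/.local/hugo" >> "${GITHUB_PATH}"

      - name: Verify installations
        run: |
          echo "Go: $(go version)"
          echo "Hugo: $(hugo version)"
          echo "Node.js: $(node --version)"

      - name: Install Node.js dependencies
        run: |
          cd marketing
          # Install only when a lockfile exists, and let an npm ci failure
          # (including a lockfile integrity mismatch) fail the job; the former
          # `&& npm ci || true` form hid it and built anyway.
          if [[ -f package-lock.json || -f npm-shrinkwrap.json ]]; then
            npm ci
          fi

      - name: Configure Git
        run: |
          git config core.quotepath false

      - name: Cache restore
        id: cache-restore
        uses: actions/cache/restore@v4
        with:
          path: ${{ runner.temp }}/hugo_cache
          key: hugo-${{ github.run_id }}
          restore-keys:
            hugo-

      - name: Build the site
        # Expression values are passed through the environment rather than
        # pasted into the script text, so the shell never parses them as code.
        # The names avoid the HUGO_ prefix, which Hugo reads as configuration.
        env:
          SITE_BASE_URL: ${{ steps.pages.outputs.base_url }}
          BUILD_CACHE_DIR: ${{ runner.temp }}/hugo_cache
        run: |
          cd marketing
          hugo \
            --gc \
            --minify \
            --baseURL "${SITE_BASE_URL}/" \
            --cacheDir "${BUILD_CACHE_DIR}"

      - name: Cache save
        id: cache-save
        uses: actions/cache/save@v4
        with:
          path: ${{ runner.temp }}/hugo_cache
          key: ${{ steps.cache-restore.outputs.cache-primary-key }}

      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: ./marketing/public

  # SBOM Generation job
  #
  # Each job starts on a fresh runner, so nothing checked out by `build` exists
  # here: the repository is checked out again before ./marketing/ is scanned.
  generate-sbom:
    runs-on: ubuntu-latest
    needs: build
    # This job passes secrets to third-party actions, so it gets read access
    # only. NOTE(review): assumes neither SBOM action needs Pages or OIDC
    # access - confirm.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          # Same submodule setting as the build job, so the scan sees the same tree.
          submodules: recursive
          persist-credentials: false

      - name: Generate SBOM with Syft
        uses: anchore/sbom-action@v0.20.6
        with:
          path: ./marketing/
          format: cyclonedx-json
          # artifact-name only names the uploaded artifact; output-file is what
          # writes the SBOM to the workspace path the following steps read.
          output-file: ${{ github.workspace }}/${{ env.COMPONENT_NAME }}.${{ env.COMPONENT_VERSION }}.sbom.cdx.json
          artifact-name: ${{ env.COMPONENT_NAME }}.${{ env.COMPONENT_VERSION }}.sbom.cdx.json

      - name: Archive
        uses: actions/upload-artifact@v4
        with:
          name: secure-sbom-api-sbom
          path: ${{ github.workspace }}/${{ env.COMPONENT_NAME }}.${{ env.COMPONENT_VERSION }}.sbom.cdx.json
          # A missing SBOM is a failure, not a warning.
          if-no-files-found: error
          retention-days: 5

      # Receives the signing API key and key id as inputs; this is the step
      # where an unpinned action tag carries the most risk.
      - name: Sign SBOM
        uses: shiftleftcyber/secure-sbom-action@v1.3.1
        with:
          sbom_file: ${{ github.workspace }}/${{ env.COMPONENT_NAME }}.${{ env.COMPONENT_VERSION }}.sbom.cdx.json
          secure_sbom_action: sign
          api_key: ${{ secrets.SBOM_API_KEY }}
          key_id: ${{ secrets.SECURE_SBOM_KEYID }}

      # NOTE(review): assumes the sign step writes `<name>.sbom.cdx.signed.json`
      # next to its input - confirm against the action's documentation.
      - name: Archive (Signed SBOM)
        uses: actions/upload-artifact@v4
        with:
          name: secure-sbom-api-signed-sbom
          path: ${{ github.workspace }}/${{ env.COMPONENT_NAME }}.${{ env.COMPONENT_VERSION }}.sbom.cdx.signed.json
          # Fail the job if the signed SBOM was not produced.
          if-no-files-found: error
          retention-days: 5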