@@ -23,6 +23,9 @@ defaults:
2323 working-directory : ./marketing
2424
2525jobs :
26+ # --------------------------------------------------
27+ # 1️⃣ Build
28+ # --------------------------------------------------
2629 build :
2730 runs-on : ubuntu-latest
2831 env :
@@ -38,12 +41,12 @@ jobs:
3841 submodules : recursive
3942 fetch-depth : 0
4043 - name : Setup Go
41- uses : actions/setup-go@v5
44+ uses : actions/setup-go@v6
4245 with :
4346 go-version : ${{ env.GO_VERSION }}
4447 cache : false
4548 - name : Setup Node.js
46- uses : actions/setup-node@v4
49+ uses : actions/setup-node@v6
4750 with :
4851 node-version : ${{ env.NODE_VERSION }}
4952 - name : Setup Pages
@@ -99,10 +102,32 @@ jobs:
99102 path : ${{ runner.temp }}/hugo_cache
100103 key : ${{ steps.cache-restore.outputs.cache-primary-key }}
101104 - name : Upload artifact
102- uses : actions/upload-pages-artifact@v3
105+ uses : actions/upload-pages-artifact@v4
103106 with :
107+ name : build-output
104108 path : ./marketing/public
105-
109+ - name : Generate CycloneDX SBOM
110+ run : npx @cyclonedx/cyclonedx-npm --output-format JSON --output-file shiftleftcyber.github.io.cdx.json
111+ - name : Upload SBOM
112+ uses : actions/upload-artifact@v5
113+ with :
114+ name : generated-sbom
115+ path : ./marketing/shiftleftcyber.github.io.cdx.json
116+ - name : Sign SBOM
117+ uses : shiftleftcyber/secure-sbom-action@v1.3.1
118+ with :
119+ sbom_file : ./marketing/shiftleftcyber.github.io.cdx.json
120+ secure_sbom_action : sign
121+ api_key : ${{ secrets.SECURE_SBOM_API_KEY }}
122+ key_id : ${{ secrets.SECURE_SBOM_KEYID }}
123+ - name : Upload Signed SBOM
124+ uses : actions/upload-artifact@v5
125+ with :
126+ name : signed-sbom
127+ path : ./marketing/shiftleftcyber.github.io.cdx.signed.json
128+ # --------------------------------------------------
129+ # 2️⃣ Deploy
130+ # --------------------------------------------------
106131 deploy :
107132 environment :
108133 name : github-pages
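Review bot: The SBOM generator in `run: npx @cyclonedx/cyclonedx-npm ...` is fetched unpinned at build time, so whatever npm serves as the latest release decides the content that the next step signs with `secrets.SECURE_SBOM_API_KEY`. Pin the tool to an exact version, `npx @cyclonedx/cyclonedx-npm@<pinned-version> ...`, or add it to devDependencies so the lockfile covers it. The signing action receives both secrets but is referenced by a tag that can be moved; pin it to a full commit SHA and keep the tag as a comment, `uses: shiftleftcyber/secure-sbom-action@<full-commit-sha> # v1.3.1`. Separately, `name: build-output` renames the Pages artifact away from the default `github-pages`; the deploy job continues outside this hunk, so confirm its deploy step sets a matching `artifact_name: build-output`.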