Update workflow

j28smith · j28smith · commit a135be6fc193 · 2025-11-04T12:44:52.000-05:00
- Move sbom generation to build step
diff --git a/.github/workflows/hugo.yaml b/.github/workflows/hugo.yaml
@@ -107,6 +107,13 @@ jobs:
         with:
           name: build-output
           path: ./marketing/public
+      - name: Generate CycloneDX SBOM
+        run: npx @cyclonedx/cyclonedx-npm --output-format JSON --output-file shiftleftcyber.github.io.cdx.json
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v5
+        with:
+          name: generated-sbom
+          path: ./marketing/shiftleftcyber.github.io.cdx.json
   # --------------------------------------------------
   # 2️⃣ Deploy
   # --------------------------------------------------
@@ -122,39 +129,12 @@ jobs:
         uses: actions/deploy-pages@v4
 
   # --------------------------------------------------
-  # 3️⃣ Generate SBOM
-  # --------------------------------------------------
-  generate-sbom:
-    name: 📦 Generate SBOM
-    runs-on: ubuntu-latest
-    needs: build
-
-    steps:
-      - name: Checkout Repo
-        uses: actions/checkout@v5
-
-      - name: Download Build Artifacts
-        uses: actions/download-artifact@v6
-        with:
-          name: build-output
-          path: ./marketing
-
-      - name: Generate CycloneDX SBOM
-        run: npx @cyclonedx/cyclonedx-npm --output-format JSON --output-file shiftleftcyber.github.io.cdx.json
-
-      - name: Upload SBOM
-        uses: actions/upload-artifact@v5
-        with:
-          name: generated-sbom
-          path: ./marketing/shiftleftcyber.github.io.cdx.json
-
-  # --------------------------------------------------
-  # 4️⃣ Sign SBOM
+  # 3️⃣ Sign SBOM
   # --------------------------------------------------
   sign-sbom:
     name: 🔏 Sign SBOM
     runs-on: ubuntu-latest
-    needs: generate-sbom
+    needs: build
 
     steps:
       - name: Checkout Repo
