Skip to content

Commit 96dd757

Browse files
feat: generate SBOM and attach as artifact in CD workflow
Co-authored-by: thomasneuberger <23504477+thomasneuberger@users.noreply.github.com> Agent-Logs-Url: https://github.com/thomasneuberger/TgHomeBot/sessions/919dae8a-b9a6-479b-8135-ed4e6160e078
1 parent 7e6d7d9 commit 96dd757

1 file changed

Lines changed: 10 additions & 0 deletions

File tree

.github/workflows/cd.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ jobs:
1717
permissions:
1818
contents: read
1919
packages: write
20+
id-token: write
21+
attestations: write
2022

2123
steps:
2224
- uses: actions/checkout@v4
@@ -54,5 +56,13 @@ jobs:
5456
tags: ${{ steps.metaApi.outputs.tags }}
5557
labels: ${{ steps.metaApi.outputs.labels }}
5658

59+
- name: Generate SBOM
60+
uses: anchore/sbom-action@v0.17.2
61+
with:
62+
image: ${{ env.REGISTRY }}/thomasneuberger/tghomebot-api:${{ steps.imageTag.outputs.tag }}
63+
artifact-name: sbom-${{ steps.imageTag.outputs.tag }}.spdx.json
64+
output-file: sbom.spdx.json
65+
format: spdx-json
66+
5767
- name: Output image tag
5868
run: echo "Image tag ${{ steps.imageTag.outputs.tag }} published" >> $GITHUB_STEP_SUMMARY

0 commit comments

Comments
 (0)