feat(ci): include project name and version in sbom filename
This commit is contained in:
parent
8a0081ad1e
commit
6f2f2b6f38
1 changed files with 6 additions and 4 deletions
10
.github/workflows/release.yml
vendored
10
.github/workflows/release.yml
vendored
|
|
@ -40,15 +40,17 @@ jobs:
|
||||||
# generate sbom
|
# generate sbom
|
||||||
- name: "generate sbom"
|
- name: "generate sbom"
|
||||||
run: |
|
run: |
|
||||||
syft go.mod -o spdx-json=sbom.spdx.json
|
APP_NAME="gogitlabber"
|
||||||
syft go.mod -o cyclonedx-json=sbom.cyclonedx.json
|
VERSION=${GITHUB_REF#refs/tags/}
|
||||||
|
syft go.mod -o spdx-json=${APP_NAME}_${VERSION}_sbom.spdx.json
|
||||||
|
syft go.mod -o cyclonedx-json=${APP_NAME}_${VERSION}_sbom.cyclonedx.json
|
||||||
|
|
||||||
# upload sbom to release
|
# upload sbom to release
|
||||||
- name: "upload sbom to release"
|
- name: "upload sbom to release"
|
||||||
uses: "softprops/action-gh-release@v1"
|
uses: "softprops/action-gh-release@v1"
|
||||||
with:
|
with:
|
||||||
files: |
|
files: |
|
||||||
sbom.spdx.json
|
gogitlabber_*_sbom.spdx.json
|
||||||
sbom.cyclonedx.json
|
gogitlabber_*_sbom.cyclonedx.json
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue