feat(ci): include project name and version in sbom filename
This commit is contained in:
parent
8a0081ad1e
commit
6f2f2b6f38
1 changed files with 6 additions and 4 deletions
10
.github/workflows/release.yml
vendored
10
.github/workflows/release.yml
vendored
|
|
@ -40,15 +40,17 @@ jobs:
|
|||
# generate sbom
|
||||
- name: "generate sbom"
|
||||
run: |
|
||||
syft go.mod -o spdx-json=sbom.spdx.json
|
||||
syft go.mod -o cyclonedx-json=sbom.cyclonedx.json
|
||||
APP_NAME="gogitlabber"
|
||||
VERSION=${GITHUB_REF#refs/tags/}
|
||||
syft go.mod -o spdx-json=${APP_NAME}_${VERSION}_sbom.spdx.json
|
||||
syft go.mod -o cyclonedx-json=${APP_NAME}_${VERSION}_sbom.cyclonedx.json
|
||||
|
||||
# upload sbom to release
|
||||
- name: "upload sbom to release"
|
||||
uses: "softprops/action-gh-release@v1"
|
||||
with:
|
||||
files: |
|
||||
sbom.spdx.json
|
||||
sbom.cyclonedx.json
|
||||
gogitlabber_*_sbom.spdx.json
|
||||
gogitlabber_*_sbom.cyclonedx.json
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue