golang/gogitlabber
golang/gogitlabber
3
0
Fork 0
Code Issues 1 Pull requests Releases 1 Activity

feat(ci): add sbom to releases

Browse source
This commit is contained in:
Simon Cornet 2025-04-23 17:07:40 +02:00
commit 9cfd39da9d
1 changed files with 20 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
.github/workflows/release.yml vendored
View file

@ -24,6 +24,16 @@ jobs:
with: with:
go-version: "stable" go-version: "stable"
# install syft
- name: "install syft"
uses: "anchore/sbom-action/download-syft@v0"
# generate sbom
- name: "generate sbom"
run: |
syft . -o spdx-json=sbom.spdx.json
syft . -o cyclonedx-json=sbom.cyclonedx.json
# run goreleaser # run goreleaser
- name: "run goreleaser" - name: "run goreleaser"
uses: "goreleaser/goreleaser-action@v6" uses: "goreleaser/goreleaser-action@v6"
@ -32,3 +42,13 @@ jobs:
args: "release --clean --config ./.github/.goreleaser.yaml" args: "release --clean --config ./.github/.goreleaser.yaml"
env: env:
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
# upload sbom to release
- name: "upload sbom to release"
uses: "softprops/action-gh-release@v1"
with:
files: |
sbom.spdx.json
sbom.cyclonedx.json
env:
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}