feat(ci): add sbom to releases
This commit is contained in:
parent
f6bc2a0e9d
commit
9cfd39da9d
1 changed files with 20 additions and 0 deletions
20
.github/workflows/release.yml
vendored
20
.github/workflows/release.yml
vendored
|
|
@ -24,6 +24,16 @@ jobs:
|
|||
with:
|
||||
go-version: "stable"
|
||||
|
||||
# install syft
|
||||
- name: "install syft"
|
||||
uses: "anchore/sbom-action/download-syft@v0"
|
||||
|
||||
# generate sbom
|
||||
- name: "generate sbom"
|
||||
run: |
|
||||
syft . -o spdx-json=sbom.spdx.json
|
||||
syft . -o cyclonedx-json=sbom.cyclonedx.json
|
||||
|
||||
# run goreleaser
|
||||
- name: "run goreleaser"
|
||||
uses: "goreleaser/goreleaser-action@v6"
|
||||
|
|
@ -32,3 +42,13 @@ jobs:
|
|||
args: "release --clean --config ./.github/.goreleaser.yaml"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
|
||||
|
||||
# upload sbom to release
|
||||
- name: "upload sbom to release"
|
||||
uses: "softprops/action-gh-release@v1"
|
||||
with:
|
||||
files: |
|
||||
sbom.spdx.json
|
||||
sbom.cyclonedx.json
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue