From 779ae2bf53c621044c15a6b16ca688c744629be5 Mon Sep 17 00:00:00 2001
From: Prabhu Subramanian
Date: Wed, 10 Jul 2024 18:14:29 +0100
Subject: [PATCH] Generate sbom

Signed-off-by: Prabhu Subramanian
---
 .github/workflows/pythonapp.yml | 8 ++++++++
 .github/workflows/pythonpublish.yml | 26 ++++++++++++++++++--------
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/pythonapp.yml b/.github/workflows/pythonapp.yml
index af8a2ba..1e59f26 100644
--- a/.github/workflows/pythonapp.yml
+++ b/.github/workflows/pythonapp.yml
@@ -36,3 +36,11 @@ jobs:
 env:
 PYTHONPATH: .
 TEST_VDB_HOME: vdb_data
+ - name: Use Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '22.x'
+ - name: Generate SBOM with cdxgen
+ run: |
+ sudo npm install -g @cyclonedx/cdxgen
+ cdxgen -t python -o bom.json . -p
diff --git a/.github/workflows/pythonpublish.yml b/.github/workflows/pythonpublish.yml
index 5cf4a0c..c1626e7 100644
--- a/.github/workflows/pythonpublish.yml
+++ b/.github/workflows/pythonpublish.yml
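Review bot: `sudo npm install -g @cyclonedx/cdxgen` in the new `Generate SBOM with cdxgen` step resolves to whatever cdxgen release npm serves at run time, so the tool that produces the dependency inventory is itself an unpinned, root-installed dependency whose output can change between runs with no change to this repository; pin it, e.g. `npm install -g @cyclonedx/cdxgen@<pinned-version>` (placeholder for a reviewed release), and `sudo` is likely unnecessary under the prefix that `actions/setup-node` configures — worth confirming on the runner. The same unpinned install is repeated in the pythonpublish.yml hunk. Here the resulting `bom.json` is written and then the job ends, so the CI SBOM is produced and discarded; an `actions/upload-artifact@v4` step would keep it for inspection. The `-p` flag is passed here but not in the pythonpublish.yml invocation; if the two SBOMs are meant to be comparable, the invocations should match. The enclosing steps list starts outside the hunk.
```yaml
      # … unchanged: Use Node.js step …
      - name: Generate SBOM with cdxgen
        run: |
          npm install -g @cyclonedx/cdxgen@<pinned-version>  # placeholder: pin to a reviewed release
          cdxgen -t python -o bom.json . -p
      - name: Upload SBOM
        uses: actions/upload-artifact@v4
        with:
          name: bom
          path: bom.json
```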
@@ -19,21 +19,31 @@ jobs:
 - name: Set up Python
 uses: actions/setup-python@v5
 with:
- python-version: '3.11'
+ python-version: '3.12'
+ - name: Use Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '22.x'
 - name: Install dependencies
 run: |
 python -m pip install --upgrade pip
 pip install setuptools wheel twine build
- - name: Create Release
- id: create_release
- if: startsWith(github.ref, 'refs/tags/')
- uses: softprops/action-gh-release@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Build
 run: |
 python3 -m build
 - name: Publish package distributions to PyPI
 if: startsWith(github.ref, 'refs/tags/')
 uses: pypa/gh-action-pypi-publish@release/v1
-
+ - name: Generate SBOM with cdxgen
+ run: |
+ sudo npm install -g @cyclonedx/cdxgen
+ cdxgen -t python -o bom.json .
+ - name: Create Release
+ id: create_release
+ if: startsWith(github.ref, 'refs/tags/')
+ uses: softprops/action-gh-release@v1
+ with:
+ files: |
+ bom.json
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
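Review bot: The new `Generate SBOM with cdxgen` step is placed after `Publish package distributions to PyPI`, so a failure in `npm install` or `cdxgen` leaves the package already on PyPI while the tag gets neither a GitHub release nor an SBOM, and that state cannot be retried without a new version. Moving the SBOM step to just after `Build`, before the publish step, lets everything the release needs exist before the irreversible publish; the built `dist/*` could then be listed under `files:` next to `bom.json` so the release carries the artifacts the SBOM describes. The relocated `Create Release` step still needs `contents: write` for `softprops/action-gh-release`; the job's `permissions` block, if any, is outside the hunk, so confirm it grants that. The enclosing job definition starts outside the hunk.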