This might be a good introduction to GitHub Actions.
The entire functionality here is just one GitHub Actions Workflow file.
There is a simpler workflow you can start with: ../.github/workflows/build_simple.yaml-disabled
-
Add SBOM as described in: github.com/microsoft/sbom-tool/blob/main/docs/setting-up-github-actions.md
-
github.com/${OWNER}/${REPO}/network/dependencies (relative link) offers an SBOM file, is this the same? Does this make sense?
-
For maintenance, if something breaks, use these tools:
-
Tutorial for GitHub Actions
Go to
github.com/${OWNER}/${REPO}/settings/actions
(relative link)
and select:
Actions permissions → Allow OWNER, and select non-OWNER, actions and reusable workflows.
Enable Allow actions created by GitHub.
Add ncipollo/release-action@v* to Allow specified actions and reusable workflows.
TODO: Find a way to do this with gh.