From f3342062dd4859c75affd17893ac9df94c58bf27 Mon Sep 17 00:00:00 2001
From: Christian Kaatz <christian.kaatz@digitalservice.bund.de>
Date: Thu, 28 Sep 2023 09:50:20 +0200
Subject: [PATCH] Update node to latest LTS and add SBOM generation during
 pipeline runs

---
 .github/workflows/ci-pipeline.yml | 7 ++++++-
 Dockerfile                        | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
index b2aace8d..4fafddd2 100644
--- a/.github/workflows/ci-pipeline.yml
+++ b/.github/workflows/ci-pipeline.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v2
         with:
-          node-version: "16.13.0"
+          node-version: "18.18.0"
           cache: "npm"
 
       - run: npm install
@@ -82,6 +82,11 @@ jobs:
           docker tag ${{ env.IMAGE_NAME }}:${{ github.sha }} ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
           docker push --all-tags ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
+      - name: Generate SBOM and upload to GitHub
+        uses: anchore/sbom-action@v0.14.3
+        with:
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
+
   deploy:
     needs: [build-push-image]
     if: github.ref == 'refs/heads/main'
diff --git a/Dockerfile b/Dockerfile
index 4a5b86ba..ad8c72d9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:16-alpine
+FROM node:18-alpine
 
 # make a pipe fail on the first failure
 SHELL ["/bin/sh", "-o", "pipefail", "-c"]