generate SBOM
MP91 committed Feb 15, 2023
1 parent 4d5cfd5 commit 16d9fc4
Showing 6 changed files with 426,490 additions and 2 deletions.
36 changes: 35 additions & 1 deletion .github/workflows/build-base-images.yml
Expand Up @@ -36,7 +36,9 @@ jobs:
language: [python, cpp]

name: "Building image"
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.get-tag.outputs.tag }}
runs-on: ubuntu-22.04

steps:
- name: Checkout repository
Expand Down Expand Up @@ -76,3 +78,35 @@ jobs:
push: always
platform: linux/amd64,linux/arm64
subFolder: ./Dockerfiles/${{ matrix.language }}/

generate-sbom:
name: Generate SBOM
runs-on: ubuntu-22.04
needs: [build-image]
steps:
- name: Checkout repository
uses: actions/checkout@v3

- name: Install SBOM Plugin
run: curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --

- name: Generate SBOM
run: |
docker sbom --format spdx-json --output SBOM/sbom-python.json ghcr.io/${{ github.repository }}/python:${{ needs.build-image.outputs.tag }}
docker sbom --format spdx-json --output SBOM/sbom-cpp.json ghcr.io/${{ github.repository }}/cpp:${{ needs.build-image.outputs.tag }}
- name: Upload SBOM as artifact
uses: actions/upload-artifact@v3
with:
name: SBOM
path: |
SBOM/*.json
- name: Fail if SBOM changed
run: |
if [[ -n $(git diff -I'^.*SPDXID' -I'^.*ghcr.io/eclipse-velocitas/devcontainer-base-images' -I'^.*created') ]]; then
echo '::error:: SBOM changed, please download the artifacts and commit the new content'
exit 1
else
echo "SBOM is up to date"
fi
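Review bot: The `Install SBOM Plugin` step fetches `install.sh` from the `main` branch and pipes it straight into `sh` with no version pin and no checksum, so each run executes whatever that branch and the installer's current default release resolve to at that moment. For a workflow whose output is a published SBOM that is a supply-chain exposure, and it also makes the `Fail if SBOM changed` step flaky, because a new plugin release can change the generated SPDX content without any change to the images. Pin the script to a tagged commit in the URL and, if the installer accepts a version argument, pass it too, e.g. `run: curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/<PINNED_TAG>/install.sh | sh -s -- <PINNED_VERSION>` (placeholders), or vendor the script into the repository. Separately, the ignore pattern `-I'^.*ghcr.io/eclipse-velocitas/devcontainer-base-images'` hard-codes the repository name while the generate step uses `${{ github.repository }}`, so on a fork the image-reference lines would not be ignored and the check would fail; `-I"^.*ghcr.io/${{ github.repository }}"` keeps the two consistent.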
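--- a/.github/workflows/check-licenses.yml
+++ b/.github/workflows/check-licenses.yml
@@ -33,7 +33,7 @@ jobs:
 uses: actions/checkout@v3
 with:
 repository: eclipse-velocitas/license-check
-ref: v1.2.0
+ref: v1.2.1
 path: .github/actions/license-check
 
 - name: Run License Checker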
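--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,5 +1,6 @@
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
+exclude: SBOM/
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
 rev: v3.2.0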
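--- a/NOTICE-3RD-PARTY-CONTENT.md
+++ b/NOTICE-3RD-PARTY-CONTENT.md
@@ -4,6 +4,7 @@
 | Dependency | Version | License |
 |:-----------|:-------:|--------:|
 |actions/checkout|v3|MIT License|
+|actions/upload-artifact|v3|MIT License|
 |devcontainers/ci|v0.2|MIT License|
 |docker/login-action|v2|Apache License 2.0|
 |docker/setup-buildx-action|v2|Apache License 2.0|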