From e7271726109302df3d5fa7540dc06d0527cc5abc Mon Sep 17 00:00:00 2001 From: Surendra Pathak Date: Thu, 26 Oct 2023 09:41:36 -0700 Subject: [PATCH] sbomgr SBOM push workflow - Push CDX SBOM from sbomgr to Interlynk --- .github/workflows/sbom.yml | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/sbom.yml diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml new file mode 100644 index 0000000..971869c --- /dev/null +++ b/.github/workflows/sbom.yml @@ -0,0 +1,39 @@ +name: Build and Push SBOM to Interlynk + +on: + push: + branches: + - main # Adjust to your main branch name + pull_request: + branches: + - main # Adjust to your main branch name + +jobs: + build-sbom: + name: SBOM build and Push to Platform + runs-on: ubuntu-latest + permissions: + id-token: write + contents: write + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Download syft binary + run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin + - name: Run syft + run: syft version + - name: Get Tag + id: get_tag + run: echo "tag=$(git describe --tags HEAD)" > $GITHUB_ENV + - name: Build SBOM + run: | + syft --source-name 'sbomgr' --source-version ${{ env.tag }} --exclude ./public -o cyclonedx-json --file sbomgr.cdx.json . + - name: Upload SBOM + run: | + curl -v "https://api.interlynk.io/lynkapi" \ + -H "Authorization: Bearer ${{ secrets.INTERLYNK_SECURITY_TOKEN }}" \ + -F 'operations={"query":"mutation uploadSbom($doc: Upload!, $projectId: ID!) { sbomUpload(input: { doc: $doc, projectId: $projectId }) { errors } }","variables":{"doc":null,"projectId": "${{ vars.INTERLYNK_PRODUCT_ID }}" }}' \ + -F 'map={"0":["variables.doc"]}' \ + -F '0=@"sbomgr.cdx.json";type=application/json'