Add initial sbom generation support

Author: javihernandez

.github/actions/shared-steps/action.yml

@@ -356,6 +356,26 @@ runs:
         # Install ansible
         sudo ${{ env.runner_os == 'ubuntu' && 'apt-get' || 'dnf -q' }} -y install ansible
 
+    - name: Clone SBOM tools
+      shell: bash
+      run: |
+        rm -rf sbom-tools
+        git clone --depth=1 https://github.com/javihernandez/cloud-images-sbom-tools.git sbom-tools
+
+    - name: Set up Python and install generator deps
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+        cache: 'pip'
+        cache-dependency-path: sbom-tools/requirements.txt
+
+    - name: Create venv and install
+      shell: bash
+      run: |
+        python -m venv .venv-sbom
+        . .venv-sbom/bin/activate
+        pip install -r sbom-tools/requirements.txt
+
     - name: Initialize packer
       shell: bash
       run: sudo /usr/bin/packer init -upgrade .
@@ -380,6 +400,18 @@ runs:
         echo "IMAGE_FILE=${image_file}" >> $GITHUB_ENV
         echo "IMAGE_NAME=$(basename ${image_file})" >> $GITHUB_ENV
 
+    # TODO
+    - name: Generate SBOM
+      shell: bash
+      run: |
+        . ./.venv-sbom/bin/activate
+        mkdir -p sbom
+        shopt -s nullglob
+        for f in sbom-data/sbom-data*.json; do
+          base=$(basename "$f" .json)
+          python3 sbom-tools/sbom_generator.py "${base}" "$f" "${base}.spdx.json" -v
+        done
+
     # - name: Setup tmate session
     #   uses: mxschmitt/action-tmate@v3
 

ansible/roles/cleanup_vm/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 cleanup_ssh_host_keys: true
+collect_sbom_data: true

ansible/roles/cleanup_vm/tasks/main.yml

@@ -1,4 +1,9 @@
 ---
+- name: Include sbom_data role for SBOM data collection
+  include_role:
+    name: sbom_data
+  when: collect_sbom_data | bool
+
 - name: Remove older versions kernel and other packages
   ansible.builtin.command: dnf -y remove --oldinstallonly
   register: removeoldoutput