sbom detection

Signed-off-by: Julio Jimenez <julio@clickhouse.com>

Author: juliojimenez

action.yml

@@ -28,6 +28,10 @@ inputs:
   repository:
     description: 'Repository to download SBOM from (format: owner/repo)'
     required: true
+  sbom-format:
+    description: 'Final SBOM format (spdx or cyclonedx)'
+    required: false
+    default: 'cyclonedx'
 runs:
   using: 'docker'
   image: 'Dockerfile'
@@ -40,8 +44,7 @@ runs:
     S3_BUCKET: ${{ inputs.s3-bucket }}
     S3_KEY: ${{ inputs.s3-key }}
     REPOSITORY: ${{ inputs.repository }}
-    SBOM_PATH: ${{ inputs.sbom-path }}
-    REF: ${{ inputs.ref }}
+    SBOM_FORMAT: ${{ inputs.sbom-format }}
 branding:
   icon: 'list'
   color: 'yellow'

entrypoint.sh

@@ -178,9 +178,8 @@ main() {
     validate_env
 
     # Set defaults for optional variables
-    local sbom_path="${SBOM_PATH:-sbom.json}"
-    local ref="${REF:-main}"
     local s3_key="${S3_KEY:-sbom.json}"
+    local desired_format="${SBOM_FORMAT:-cyclonedx}"
 
     # Set up cleanup trap    
     trap cleanup EXIT
@@ -191,7 +190,7 @@ main() {
         exit 1
     fi
     local original_sbom="$temp_dir/original_sbom.json"
-    local cyclonedx_sbom="$temp_dir/cyclonedx_sbom.json"
+    local processed_sbom="$temp_dir/processed_sbom.json"
 
     # Download SBOM
     download_sbom "$REPOSITORY" "$original_sbom"