feat: push bom to tracker

sellisd · sellisd · commit 61e2fd646989 · 2025-08-08T15:35:50.000+02:00
diff --git a/.github/workflows/track_dependencies.yml b/.github/workflows/track_dependencies.yml
@@ -30,4 +30,11 @@ jobs:
         with:
           name: cosmotech-api-bom
           path: build/reports/cosmotech-api-bom.xml
-          overwrite: true
+          overwrite: true
+      - name: Upload cyclonedx bom to dependency
+        uses: DependencyTrack/gh-upload-sbom@v3
+        with:
+          serverhostname: ${{ secrets.DEPENDENCY_TRACK_SERVER_HOSTNAME }}
+          apikey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+          project: '50a4ad6a-638b-4d7e-9d8e-0310efa85ab9'
+          bomfilename: 'build/reports/cosmotech-api-bom.xml'
