Upgrade: [AEA-4506] - Use main branch for SBOM action (#4)

wildjames · web-flow · commit 403b75575e83 · 2024-10-18T11:49:33.000+01:00
## Summary

- Routine Change

### Details

Move to use the main branch version of the SBOM action, so it's always
up to date
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
@@ -5,11 +5,6 @@ on:
     secrets:
       SONAR_TOKEN:
         required: true
-    inputs:
-      node_version:
-        description: The version of node used in this project.
-        required: true
-        type: string
 
 jobs:
   quality_checks:
@@ -259,63 +254,11 @@ jobs:
           name: cfn_guard_output
           path: cfn_guard_output
 
+      - name: Generate and check SBOMs
+        uses: NHSDigital/eps-action-sbom@main
+  
       - name: SonarCloud Scan
         uses: SonarSource/sonarcloud-github-action@master
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
-  sbom_checks:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ env.BRANCH_NAME }}
-          fetch-depth: 0
-  
-      # using git commit sha for version of action to ensure we have stable version
-      - name: Install asdf
-        uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
-        with:
-          asdf_branch: v0.14.1
-
-      - name: Cache asdf
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.asdf
-          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
-          restore-keys: |
-            ${{ runner.os }}-asdf-
-
-      - name: Install asdf dependencies in .tool-versions
-        uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6
-        with:
-          asdf_branch: v0.14.1
-        env:
-          PYTHON_CONFIGURE_OPTS: --enable-shared
-
-      - name: Setting up .npmrc
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
-          echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
-
-      - name: make install
-        run: |
-          make install
-
-      - name: Generate and check SBOMs
-        uses: NHSDigital/eps-action-sbom@v1.1
-        with:
-          node_version: ${{ inputs.node_version }}
-
-      - name: Upload SBOMs
-        uses: actions/upload-artifact@v4
-        if: success() || failure()
-        with:
-          name: SBOMS
-          path: '**/*sbom*.json'
-
diff --git a/README.md b/README.md
@@ -14,10 +14,8 @@ A workflow to run the quality checks for EPS repositories. The steps executed by
 # Usage
 
 ## Inputs
-### `node_version`
-
-One of `[18, 20, 22]`. SBOM generations requires knowing which version of nodeJS is being used.
 
+None
 
 ## Required Makefile targets
 
@@ -50,9 +48,7 @@ on:
 
 jobs:
   quality_checks:
-    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v1
-    with:
-      node_version: '20'
+    uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@main
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 ```
