11name : Release
22
33on :
4- workflow_dispatch :
5- inputs :
6- tag :
7- description : Git tag to build release from
8- required : true
4+ workflow_dispatch :
5+ inputs :
6+ tag :
7+ description : Git tag to build release from
8+ required : true
99jobs :
1010 release-images :
1111 runs-on : ubuntu-latest
@@ -120,6 +120,25 @@ jobs:
120120 make release-plugins
121121 make manifests IMAGE_TAG=${{ github.event.inputs.tag }}
122122
123+ name : Generate SBOM (spdx)
124+ id : spdx-builder
125+ env :
126+ # defines the https://github.com/opensbom-generator/spdx-sbom-generator
127+ # to use.
128+ SPDX_GEN_VERSION : v0.0.13
129+ # comma delimited list of project relative folders to inspect for package
130+ # managers (gomod, yarn, npm).
131+ PROJECT_FOLDERS : " .,./ui"
132+ run : |
133+ yarn install --cwd ./ui
134+ wget -q https://github.com/opensbom-generator/spdx-sbom-generator/releases/download/$SPDX_GEN_VERSION/spdx-sbom-generator-$SPDX_GEN_VERSION-linux-386.tar.gz -O generator.tar.gz
135+ tar -zxf generator.tar.gz
136+ for folder in $(echo $PROJECT_FOLDERS | sed "s/,/ /g")
137+ do
138+ ./spdx-sbom-generator -p $folder -o /tmp
139+ done
140+ tar -zcf /tmp/sbom.tar.gz /tmp/*.spdx
141+
123142name : Draft release
124143 uses : softprops/action-gh-release@v1
125144 with :
@@ -135,5 +154,6 @@ jobs:
135154 manifests/namespace-install.yaml
136155 manifests/notifications-install.yaml
137156 docs/features/kustomize/rollout_cr_schema.json
157+ /tmp/sbom.tar.gz
138158env :
139159 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
0 commit comments