Generate Gradle SBOM #133

Workflow file for this run

.github/workflows/generate-gradle-sbom.yml at 1c7de7c

	# SPDX-FileCopyrightText: 2025 Deutsche Telekom AG and others
	#
	# SPDX-License-Identifier: Apache-2.0

	name: Generate Gradle SBOM

	on:
	workflow_run:
	workflows: [Release]
	types: [completed]
	workflow_dispatch:
	inputs:
	version:
	description: 'Version'
	default: 'main'
	required: true

	env:
	JAVA_VERSION: '21'
	JAVA_DISTRO: 'temurin'
	PRODUCT_PATH: './'

	permissions:
	contents: read

	jobs:
	generate-sbom:
	runs-on: ubuntu-latest
	if: ${{ github.event.workflow_run.conclusion == 'success' }}
	outputs:
	project-version: ${{ steps.version.outputs.PROJECT_VERSION }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	fetch-depth: 0
	ref: ${{ github.event.inputs.version }}

	- name: Setup Java SDK
	uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
	with:
	java-version: ${{ env.JAVA_VERSION }}
	distribution: ${{ env.JAVA_DISTRO }}

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0

	- name: Generate sbom
	run: \|
	gradle cyclonedxBom

	- name: Extract product version
	id: version
	shell: bash
	run: \|
	VERSION="$(jq -r '.metadata.component.version' < ./${{ env.PRODUCT_PATH }}build/reports/bom.json)"
	echo "PROJECT_VERSION=$VERSION" >> $GITHUB_OUTPUT
	echo "Product version is: $VERSION"

	- name: Upload sbom
	uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
	with:
	name: sbom
	path: ${{ env.PRODUCT_PATH }}build/reports/bom.json

	store-sbom-data: # stores sbom and metadata in a predefined format for otterdog to pick up
	needs: ['generate-sbom']
	uses: eclipse-csi/workflows/.github/workflows/store-sbom-data.yml@main
	with:
	projectName: 'arc'
	projectVersion: ${{ needs.generate-sbom.outputs.project-version }}
	bomArtifact: 'sbom'
	bomFilename: 'bom.json'
	parentProject: 'a75a955e-abd4-4908-b2c4-08a517b63af8'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Generate Gradle SBOM #133

Workflow file

Generate Gradle SBOM #133

Uh oh!

Workflow file for this run