augment sbom action

oarbusi · oarbusi · commit 50f54ed0a0f7 · 2025-06-16T16:56:50.000+02:00
diff --git a/.github/workflows/generate-augmented-sbom.yml b/.github/workflows/generate-augmented-sbom.yml
@@ -0,0 +1,53 @@
+name: Augment SBOM
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: "Release version (e.g. 3.12.1)"
+        required: true
+        type: string
+      resource:
+        description: "Resource name (e.g. organization, project, etc.)"
+        required: true
+        type: string
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  augment-sbom:
+    runs-on: ubuntu-latest
+    env:
+      KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
+      KONDUKTO_REPO: ${{ vars.KONDUKTO_REPO }}
+      KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
+      SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
+
+      - name: Augment SBOM with Kondukto
+        env:
+          RELEASE_VERSION: ${{ inputs.release_version }}
+        run: ./scripts/compliance/augment-sbom.sh
+
+      - name: Generate SSDLC report
+        env:
+          AUTHOR: ${{ github.actor }}
+          VERSION: ${{ inputs.release_version }}
+          AUGMENTED_REPORT: "true"
+        run: ./scripts/compliance/gen-ssdlc-report.sh
+
+      - name: Upload augmented SBOM as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: augmented_sbom_and_ssdlc_report
+          path: |
+            cfn-resources/${{ inputs.resource }}/compliance/augmented-sbom-v${{ inputs.release_version }}-${{ steps.date.outputs.date }}.json
+            cfn-resources/${{ inputs.resource }}/compliance/ssdlc-compliance-${{ inputs.release_version }}-${{ steps.date.outputs.date }}.md
+          if-no-files-found: error 
