This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
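# Generates an SPDX SBOM for ./src with Syft and publishes it as a workflow
# artifact.
# NOTE(review): the forge flagged this file as containing hidden or
# bidirectional Unicode text. Which characters, and where, is not visible in
# this rendering; inspect the raw file in an editor that reveals them.
name: Generate SBOM

# Runs on release events, on pushes to main, and on every pull request.
on:
  # No `types:` filter is set, so every release activity type triggers a run.
  release:
  push:
    branches: [main]
  pull_request:

# One concurrency group per pull request (or per ref) and event type, so a
# new commit replaces the run still in progress for the same pull request.
concurrency:
  group: sbom-${{ github.event.pull_request.number || github.ref }}-${{ github.event_name }}
  # Runs whose ref is refs/heads/main are never cancelled.
  cancel-in-progress: ${{ (github.event.pull_request.head.ref || github.ref) != 'refs/heads/main' }}

jobs:
  generate-sbom:
    runs-on: ubuntu-latest
    # Least privilege: grant only the scopes the steps below use. The earlier
    # `packages: write` grant is dropped because no step in this job touches
    # a package registry.
    permissions:
      actions: read  # to find workflow artifacts when attaching release assets
      # For sbom-action artifact uploads.
      # NOTE(review): presumably write access is only exercised on release
      # events; confirm, and consider a release-only job so that push and
      # pull_request runs can use `contents: read`.
      contents: write
    steps:
      # NOTE(review): all three actions in this job are referenced by mutable
      # tags (@v4, @v0). Pinning each `uses:` to a full commit SHA
      # (placeholder: <owner>/<action>@<full-commit-sha>) keeps a moved tag
      # from running different code with this job's write token.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step runs git against the remote, so do not leave the
          # token in the checked-out repository's git config.
          persist-credentials: false

      # Create the 'sbom' directory in the workspace root to hold the SBOM.
      - name: Create SBOM directory
        run: mkdir -p sbom

      - name: Generate SBOM with Syft
        # This action runs syft to generate the SBOM, so syft does not have
        # to be installed manually.
        uses: anchore/sbom-action@v0
        with:
          # Directory containing the Python source code; the action scans it
          # for dependencies.
          path: ./src
          # The name for the output artifact.
          artifact-name: MemMachine-SBOM
          # Output format. SPDX is a common standard.
          format: spdx-json
          # Explicit output file path within the runner's workspace.
          output-file: ./sbom/MemMachine-SBOM.spdx.json

      - name: Upload SBOM as a workflow artifact
        # Uploads the generated SBOM file so it can be downloaded later.
        # The artifact name matches the `artifact-name` given to the step
        # above; `overwrite: true` replaces an existing artifact of that name.
        uses: actions/upload-artifact@v4
        with:
          name: MemMachine-SBOM
          path: ./sbom/MemMachine-SBOM.spdx.json
          overwrite: true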