From dee70a2260dd0c914a38ab7f003e91da286630f0 Mon Sep 17 00:00:00 2001
From: Diamantis Sellis
Date: Tue, 26 Aug 2025 16:41:02 +0200
Subject: [PATCH] ci: send dependencies to tracker
---
 .github/workflows/track_dependencies.yml | 28 ++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 .github/workflows/track_dependencies.yml
diff --git a/.github/workflows/track_dependencies.yml b/.github/workflows/track_dependencies.yml
new file mode 100644
index 0000000..c1c8ed8
--- /dev/null
+++ b/.github/workflows/track_dependencies.yml
@@ -0,0 +1,28 @@
+name: Track Dependencies
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+
+jobs:
+ dependency_track:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v5
+ - name: Install generator
+ run: |
+ npm install --global @cyclonedx/cyclonedx-npm
+ - name: Install project dependencies
+ run: npm install
+ - name: Generate BOM
+ run: cyclonedx-npm --mc-type library -o sbom.json
+ - name: Upload BOM to Dependency Track
+ uses: DependencyTrack/gh-upload-sbom@v3
+ with:
+ serverhostname: ${{ secrets.DEPENDENCY_TRACK_SERVER_HOSTNAME }}
+ apikey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+ project: 'd15fd01c-3d8b-42d4-a83a-ce9a5d95d72e'
+ bomfilename: 'sbom.json'
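Review bot: The job runs unpinned third-party code alongside the Dependency-Track API key: `actions/checkout@v5` and `DependencyTrack/gh-upload-sbom@v3` are mutable tags, `@cyclonedx/cyclonedx-npm` is installed without a version, and `npm install` executes dependency lifecycle scripts. Pinning both actions to full commit SHAs and the generator to a fixed version keeps a retagged or compromised release from receiving `secrets.DEPENDENCY_TRACK_API_KEY`, and `persist-credentials: false` on the checkout step keeps the job token out of the working tree that those scripts can read. The workflow also declares no `permissions:`, so the GITHUB_TOKEN gets the repository default; `contents: read` looks sufficient for the steps visible here. If the repository commits a lockfile, `npm ci --ignore-scripts` would also make the BOM describe the locked tree rather than whatever resolves at run time. The SHAs and the version in the sketch below are placeholders to be filled in from the releases you have reviewed.

```yaml
permissions:
  contents: read

jobs:
  dependency_track:
    # … unchanged: runs-on …
    steps:
      - name: Checkout Repository
        uses: actions/checkout@<full-commit-sha>  # v5
        with:
          persist-credentials: false
      - name: Install generator
        run: npm install --global @cyclonedx/cyclonedx-npm@<pinned-version>
      - name: Install project dependencies
        run: npm ci --ignore-scripts
      # … unchanged: Generate BOM …
      - name: Upload BOM to Dependency Track
        uses: DependencyTrack/gh-upload-sbom@<full-commit-sha>  # v3
        # … unchanged: with: inputs …
```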