Adds SBOM creation and build for ARM

Elenpay · Jun 12, 2023 · 7a369c8 · 7a369c8
1 parent ac6f3f3
commit 7a369c8
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -5,8 +5,7 @@ on:
     tags:
       - '*'
     branches:
-      - main
-      - master
+      - '*'
 
 env:
   REGISTRY: ghcr.io
@@ -42,5 +41,16 @@ jobs:
           context: .
           file: src/Dockerfile
           push: true
+          sbom: true
+          platforms: linux/amd64,linux/arm64
+          provenance: true
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Scan SBOM
+        uses: anchore/scan-action@v3
+        with:
+          sbom: "sbom.spdx.json"
+          # fail-build: true
+          # severity-cutoff: critical
+          fail-build: false