-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ensure sbom is copied to output-file
#411
Conversation
e364f71
to
57fd0d7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As it stands, this would break artifact upload functionality when output-file
is unset.
Additionally, you need to generate the dist/*
files (this should have happened automatically if you ran npm install
, which would have installed a git hook to do this), but you can manually run this using npm run package
.
I think you should revert all changes here except removal of:
const outputFile = core.getInput("output-file");
if (outputFile) {
fs.copyFileSync(filePath, outputFile);
}
and addition of:
const outputFile = core.getInput("output-file");
if (outputFile) {
fs.writeFileSync(outputFile, contents);
}
Before this, the sbom file would only be copied to `output-file` if `upload-artifact` is true. However, the file may still be useful if upload is not enabled. Signed-off-by: Guilherme Salazar <gsz@acm.org>
57fd0d7
to
9d55246
Compare
Thanks for reviewing / merging, @kzantow! |
The ability to specify an
|
@zosocanuck there is always a file output to a temp directory. If you add the
? |
Before this, the sbom file would only be copied to
output-file
ifupload-artifact
is true. However, the file may still be useful if upload is not enabled.