action.yml

name: "Anchore SBOM Action"
description: "Creates an SBOM (Software Bill Of Materials) from your code and container images"
author: "Anchore"
branding:
  color: blue
  icon: check-circle
inputs:
  path:
    required: false
    description: "A path to a directory on the filesystem to scan"
    default: "."

  file:
    required: false
    description: "A file on the filesystem to scan"

  image:
    required: false
    description: "A container image to scan"

  registry-username:
    required: false
    description: "The registry username"

  registry-password:
    required: false
    description: "The registry password"

  format:
    required: false
    description: "The SBOM format to export"
    default: "spdx-json"

  github-token:
    description: "Authorized secret GitHub Personal Access Token. Defaults to github.token"
    required: false
    default: ${{ github.token }}

  artifact-name:
    description: "The name to use for the SBOM file generated by this action"
    required: false

  output-file:
    required: false
    description: "A file location to output the SBOM"

  syft-version:
    required: false
    description: "The version of Syft to use"

  dependency-snapshot:
    required: false
    description: "Upload to GitHub dependency snapshot API"
    default: "false"

  upload-artifact:
    required: false
    description: "Upload artifact to workflow"
    default: "true"

  upload-artifact-retention:
    required: false
    description: >
      Retention policy for uploaded artifact to workflow.

      Minimum 1 day.
      Maximum 90 days unless changed from the repository settings page.
      An input of 0 assumes default retention value.
    default: 0

  upload-release-assets:
    required: false
    description: "Upload release assets"
    default: "true"

  config:
    required: false
    description: "Configuration file to use"

runs:
  using: "node20"
  main: "dist/runSyftAction/index.js"