Improved github actions with sbomtool

.github/workflows/build.yml

@@ -1,8 +1,8 @@
-name: Create and publish a docker image to ghcr
+name: Release| Build GHCR image
 on:
   release:
-    types:
-      - created
+    types: [published]
+  workflow_dispatch:
 
 env:
     REGISTRY: ghcr.io

.github/workflows/release.yml

@@ -1,9 +1,10 @@
-name: releaser
+name: Release| Build Binary
 
 on:
   push:
     tags:
       - 'v*'
+  workflow_dispatch:
 
 jobs:
   releaser:

.github/workflows/sbom_dev.yml

@@ -0,0 +1,74 @@
+name: Dev| Build SBOM
+
+on:
+  push:
+    branches-ignore:
+      - 'main'
+  pull_request:
+    branches-ignore:
+      - 'main'
+  workflow_dispatch:
+
+env:
+    TOOL_NAME: ${{ github.repository }}
+    SUPPLIER_NAME: Interlynk
+    SUPPLIER_URL: https://interlynk.io
+    DEFAULT_TAG: v0.0.1
+    PYLYNK_TEMP_DIR: $RUNNER_TEMP/pylynk
+    SBOM_TEMP_DIR: $RUNNER_TEMP/sbom
+    SBOM_ENV: development
+    MS_SBOM_TOOL_URL: https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
+    MS_SBOM_SBOM_PATH: $RUNNER_TEMP/sbom/_manifest/spdx_2.2/manifest.spdx.json
+    SBOM_EXCLUDE_DIRS: "**/samples/**"
+
+
+jobs:
+  build-sbom:
+    name: Build SBOM
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3 
+        with:
+            fetch-depth: 0
+
+      - name: Get Tag
+        id: get_tag
+        run: echo "LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo 'v0.0.1')" >> $GITHUB_ENV
+
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'  # Specify the Python version needed
+
+      - name: Checkout Python SBOM tool
+        run: |
+          git clone https://github.com/interlynk-io/pylynk.git ${{ env.PYLYNK_TEMP_DIR }}
+          cd ${{ env.PYLYNK_TEMP_DIR }}
+          git fetch --tags
+          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          git checkout $latest_tag
+          echo "Checked out pylynk at tag: $latest_tag"
+
+      - name: Install Python dependencies
+        run: |
+          cd ${{ env.PYLYNK_TEMP_DIR }}
+          pip install -r requirements.txt
+
+      - name: Generate SBOM
+        shell: bash
+        run: |
+          cd ${{ github.workspace }}
+          mkdir -p ${{ env.SBOM_TEMP_DIR}}
+          curl -Lo $RUNNER_TEMP/sbom-tool ${{ env.MS_SBOM_TOOL_URL }}
+          chmod +x $RUNNER_TEMP/sbom-tool
+          $RUNNER_TEMP/sbom-tool generate -b ${{ env.SBOM_TEMP_DIR }} -bc . -pn ${{ env.TOOL_NAME }} -pv ${{ env.LATEST_TAG }} -ps ${{ env.SUPPLIER_NAME}} -nsb ${{ env.SUPPLIER_URL }} -cd "--DirectoryExclusionList ${{ env.SBOM_EXCLUDE_DIRS }}"
+
+      - name: Upload SBOM 
+        run: |
+          python3 ${{ env.PYLYNK_TEMP_DIR }}/pylynk.py --verbose upload --prod ${{env.TOOL_NAME}} --env ${{ env.SBOM_ENV }} --sbom ${{ env.MS_SBOM_SBOM_PATH }} --token ${{ secrets.INTERLYNK_SECURITY_TOKEN }}
+

.github/workflows/sbom_release.yml

@@ -0,0 +1,70 @@
+name: Release| Build SBOM
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+
+env:
+    TOOL_NAME: ${{ github.repository }}
+    SUPPLIER_NAME: Interlynk
+    SUPPLIER_URL: https://interlynk.io
+    DEFAULT_TAG: v0.0.1
+    PYLYNK_TEMP_DIR: $RUNNER_TEMP/pylynk
+    SBOM_TEMP_DIR: $RUNNER_TEMP/sbom
+    SBOM_ENV: production
+    MS_SBOM_TOOL_URL: https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
+    MS_SBOM_SBOM_PATH: $RUNNER_TEMP/sbom/_manifest/spdx_2.2/manifest.spdx.json
+    SBOM_EXCLUDE_DIRS: "**/samples/**"
+
+
+jobs:
+  build-sbom:
+    name: Build SBOM
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3 
+        with:
+            fetch-depth: 0
+
+      - name: Get Tag
+        id: get_tag
+        run: echo "LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo 'v0.0.1')" >> $GITHUB_ENV
+
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'  # Specify the Python version needed
+
+      - name: Checkout Python SBOM tool
+        run: |
+          git clone https://github.com/interlynk-io/pylynk.git ${{ env.PYLYNK_TEMP_DIR }}
+          cd ${{ env.PYLYNK_TEMP_DIR }}
+          git fetch --tags
+          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          git checkout $latest_tag
+          echo "Checked out pylynk at tag: $latest_tag"
+
+      - name: Install Python dependencies
+        run: |
+          cd ${{ env.PYLYNK_TEMP_DIR }}
+          pip install -r requirements.txt
+
+      - name: Generate SBOM
+        shell: bash
+        run: |
+          cd ${{ github.workspace }}
+          mkdir -p ${{ env.SBOM_TEMP_DIR}}
+          curl -Lo $RUNNER_TEMP/sbom-tool ${{ env.MS_SBOM_TOOL_URL }}
+          chmod +x $RUNNER_TEMP/sbom-tool
+          $RUNNER_TEMP/sbom-tool generate -b ${{ env.SBOM_TEMP_DIR }} -bc . -pn ${{ env.TOOL_NAME }} -pv ${{ env.LATEST_TAG }} -ps ${{ env.SUPPLIER_NAME}} -nsb ${{ env.SUPPLIER_URL }} -cd "--DirectoryExclusionList ${{ env.SBOM_EXCLUDE_DIRS }}"
+
+      - name: Upload SBOM 
+        run: |
+          python3 ${{ env.PYLYNK_TEMP_DIR }}/pylynk.py --verbose upload --prod ${{env.TOOL_NAME}} --env ${{ env.SBOM_ENV }} --sbom ${{ env.MS_SBOM_SBOM_PATH }} --token ${{ secrets.INTERLYNK_SECURITY_TOKEN }}
+