Commit
feat: generate SBOMs for container images on release (#571)
Fixes #300
mowies committed Jan 10, 2023
1 parent b482d96 commit 72fe001
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -100,6 +100,19 @@ jobs:
COSIGN_EXPERIMENTAL: 1
run: cosign sign ${{ env.IMAGE_TAG }}

- name: Generate SBOM
uses: anchore/sbom-action@v0.13.1
with:
image: ${{ env.IMAGE_TAG }}
artifact-name: sbom-${{ matrix.config.name }}
output-file: ./sbom-${{ matrix.config.name }}.spdx.json

- name: Attach SBOM to release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ needs.release-please.outputs.tag_name }}
files: ./sbom-${{ matrix.config.name }}.spdx.json

release-manifests:
if: needs.release-please.outputs.releases_created == 'true'
needs:
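
Review bot: Both new steps reference third-party actions by mutable tag (`anchore/sbom-action@v0.13.1` and `softprops/action-gh-release@v1`) in the same job that runs `cosign sign`, so a retagged action would execute inside the release job; pin each to a full commit SHA and keep the version as a trailing comment. Separately, the SBOM is generated from `${{ env.IMAGE_TAG }}` and only uploaded as a release file, so nothing binds it to the image that was just signed. Consider scanning the image by digest and adding a `cosign attest` step with the SPDX file as the predicate, so consumers can verify the SBOM the same way they verify the signature.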