diff --git a/.github/actions/install-packages/action.yml b/.github/actions/install-packages/action.yml
new file mode 100644
index 00000000..61b4ca0f
--- /dev/null
+++ b/.github/actions/install-packages/action.yml
@@ -0,0 +1,8 @@
+name: Install Packages
+description: Install necessary packages inside the CI
+
+runs:
+ using: "composite"
+ steps:
+ - run: sudo apt update && sudo apt install libunwind-dev libunwind8 -y
+ shell: bash
diff --git a/.github/workflows/dtrack-sbom.workflow.yaml b/.github/workflows/dtrack-sbom.workflow.yaml
new file mode 100644
index 00000000..7a3e8f55
--- /dev/null
+++ b/.github/workflows/dtrack-sbom.workflow.yaml
@@ -0,0 +1,45 @@
+name: Dtrack SBOM publish
+
+env:
+ NODE_VERSION: "24"
+
+on:
+ release:
+ types:
+ - released
+ - prereleased
+
+jobs:
+ publish-sbom-to-dtrack:
+ name: Publish SBOM to Dependency-Track
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout project
+ uses: actions/checkout@v6
+
+ - name: Install additional libraries
+ uses: ./.github/actions/install-packages
+
+ - name: Node version ${{ env.NODE_VERSION }}
+ uses: actions/setup-node@v6
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+
+ - run: npm install
+ - name: Create SBOM with CycloneDX
+ run: npx @cyclonedx/cyclonedx-npm -o bom.xml --of=XML
+
+ - name: Get the current project version from package.json
+ id: get-version
+ run: |
+ echo "version=$(jq -r .version package.json)" >> $GITHUB_OUTPUT
+
+ - name: Publish SBOM to Dependency-Track
+ uses: DependencyTrack/gh-upload-sbom@v3
+ with:
+ serverhostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+ apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+ projectname: 'Kuzzle SDK JavaScript'
+ projectversion: '${{ steps.get-version.outputs.version }}'
+ bomfilename: "./bom.xml"
+ autocreate: true
\ No newline at end of file
diff --git a/.github/workflows/push_branches.workflow.yaml b/.github/workflows/push_branches.workflow.yaml
index ca58f629..5c42302c 100644
--- a/.github/workflows/push_branches.workflow.yaml
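Review bot: The single `run` step in the new composite action calls `apt`, whose command-line interface is not guaranteed stable for non-interactive use; the scripted form is `sudo apt-get update && sudo apt-get install -y libunwind-dev libunwind8`. The action also carries no comment saying which tool needs libunwind, so a one-line `#` comment above the step naming the consumer would let a later reader judge whether every job that calls this action really needs the packages.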
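Review bot: The last step of dtrack-sbom.workflow.yaml passes `secrets.DEPENDENCYTRACK_APIKEY` to `DependencyTrack/gh-upload-sbom@v3`, a third-party action referenced by a movable tag, so the code that receives the key can change without any change in this repository; pinning it as `uses: DependencyTrack/gh-upload-sbom@FULL_COMMIT_SHA_PLACEHOLDER # v3` fixes what runs. The SBOM step has the same problem in another form: unless the package is already a devDependency (not visible in this diff), `npx @cyclonedx/cyclonedx-npm` resolves whatever version the registry serves at run time, and that code produces the `bom.xml` that is uploaded, so `npx @cyclonedx/cyclonedx-npm@PINNED_VERSION` or a lockfile entry is preferable. `- run: npm install` may re-resolve dependencies, which lets the published SBOM drift from the `package-lock.json` of the release; `- run: npm ci` keeps the two tied together. The workflow also declares no `permissions:` block, and nothing visible in it needs more than `contents: read` on the job token.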
+++ b/.github/workflows/push_branches.workflow.yaml
@@ -33,7 +33,7 @@ jobs:
 - name: Release
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GHP }}
 SEMANTIC_RELEASE_NPM_PUBLISH: "true"
 SEMANTIC_RELEASE_SLACK_WEBHOOK: ${{ secrets.SEMANTIC_RELEASE_SLACK_WEBHOOK }}
 run: npx semantic-release
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8fc9a0aa..e2f09d1c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+## [7.17.0-beta.2](https://github.com/kuzzleio/sdk-javascript/compare/v7.17.0-beta.1...v7.17.0-beta.2) (2025-12-16)
+
+### Bug Fixes
+
+* use custom github token to allow sequantial workflow creation ([b3109fe](https://github.com/kuzzleio/sdk-javascript/commit/b3109fe04e9315535e990dbe4b89187a9ed0f867))
+
+## [7.17.0-beta.1](https://github.com/kuzzleio/sdk-javascript/compare/v7.16.0...v7.17.0-beta.1) (2025-12-16)
+
+### Features
+
+* publish sbom to dtrack ([09d874a](https://github.com/kuzzleio/sdk-javascript/commit/09d874a9d9415afca61a192467a59ba56e558c56))
+
 ## [7.16.0](https://github.com/kuzzleio/sdk-javascript/compare/v7.15.1...v7.16.0) (2025-12-16)
 ### Features
diff --git a/package-lock.json b/package-lock.json
index 7bc82f16..d0109cae 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "kuzzle-sdk", - "version": "7.16.0", + "version": "7.17.0-beta.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "kuzzle-sdk", - "version": "7.16.0", + "version": "7.17.0-beta.2", "license": "Apache-2.0", "dependencies": { "ws": "8.18.3"
diff --git a/package.json b/package.json
index d4c89e61..4305788f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "kuzzle-sdk",
- "version": "7.16.0",
+ "version": "7.17.0-beta.2",
 "description": "Official Javascript SDK for Kuzzle",
 "author": "The Kuzzle Team ",
 "repository": {
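Review bot: In the Release step of push_branches.workflow.yaml, `GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GHP }}` replaces the per-job token with a stored credential, so `npx semantic-release` and every plugin it loads now run with a token that outlives the job and is not bounded by the workflow's `permissions:` settings. The changelog entry in this commit suggests the reason is that releases created with the default token do not start follow-on workflows, which is a fair motive, but the line needs a comment recording it, for example `# stored token instead of GITHUB_TOKEN so the release event can trigger other workflows`. The scope of the stored token is not visible here; presumably it should be a fine-grained token limited to this repository and to the permissions semantic-release needs, or an app installation token minted per run. The job continues outside the hunk.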