.github/workflows/legacy-release_sbom-generator.yaml #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate SBOM for latest version of dotCMS and put into core repo | |
| name: Generate SBOM for dotCMS Releases | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| dotcms_version: | |
| description: 'Enter the dotCMS version (vYY.MM.DD)' | |
| required: true | |
| default: '' | |
| jobs: | |
| scan: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout core repository | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: dotCMS/core | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| path: core | |
| - name: Get dotCMS release version | |
| id: get_version | |
| run: | | |
| if [ "${{ github.event_name }}" == "release" ]; then | |
| latest_tag=${{ github.event.release.tag_name }} | |
| else | |
| latest_tag=${{ github.event.inputs.dotcms_version }} | |
| fi | |
| formatted_tag=$(echo "$latest_tag" | sed -e 's/^dotcms-cli-//' -e 's/^v//') | |
| echo "DOTCMS_VERSION=$formatted_tag" >> $GITHUB_ENV | |
| - name: Setup Python environment | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.x' | |
| cache: 'pip' | |
| - name: Install pipx and Syft | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pipx | |
| pipx install anchore-syft | |
| - name: Pull dotCMS Docker image | |
| run: | | |
| docker pull dotcms/dotcms:${{ env.DOTCMS_VERSION }} | |
| - name: Generate SBOM using Syft | |
| run: | | |
| mkdir -p core/sbom | |
| pipx run syft dotcms/dotcms:${{ env.DOTCMS_VERSION }} -o cyclonedx-xml > core/sbom/dotcms-${{ env.DOTCMS_VERSION }}.json | |
| commit: | |
| runs-on: ubuntu-latest | |
| needs: scan | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout core repository | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: dotCMS/core | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| path: core | |
| - name: Create sbom folder if not exists | |
| run: | | |
| mkdir -p core/sbom | |
| - name: Configure Git | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "GitHub Actions" | |
| - name: Commit and push SBOM | |
| run: | | |
| cd core | |
| git add sbom/dotcms-${{ env.DOTCMS_VERSION }}.json | |
| git commit -m "Add SBOM for dotCMS version ${{ env.DOTCMS_VERSION }}" || echo "No changes to commit" | |
| git push origin master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # EoF |