.github/workflows/legacy-release_sbom-generator.yaml #7

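# Generate SBOM for dotCMS Releases once they are published based on core repo.
#
# Triggers: a published release, or a manual run with an explicit version.
# The job pulls the matching dotcms/dotcms image, writes a CycloneDX SBOM to
# core/sbom/ and pushes it to master, which is why it needs `contents: write`.
name: Generate SBOM for dotCMS Releases
on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      dotcms_version:
        description: 'Enter the dotCMS version (vYY.MM.DD)'
        required: true
        default: ''
jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      # Write access is used only by the final push of the SBOM file.
      contents: write
    steps:
      - name: Checkout core repository
        # NOTE(review): a version tag can be re-pointed by the action's
        # publisher; pin to a full commit SHA once the intended release is
        # confirmed.
        uses: actions/checkout@v3
        with:
          repository: dotCMS/core
          token: ${{ secrets.GITHUB_TOKEN }}
          path: core
      - name: Get dotCMS release version
        id: get_version
        # Event data reaches the script through environment variables, not
        # through ${{ }} inside `run`. An expression is substituted into the
        # script text before bash parses it, so shell syntax in a tag name or
        # input would otherwise be executed as part of this step.
        env:
          EVENT_NAME: ${{ github.event_name }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          DISPATCH_VERSION: ${{ github.event.inputs.dotcms_version }}
        run: |
          if [ "$EVENT_NAME" == "release" ]; then
            latest_tag="$RELEASE_TAG"
          else
            latest_tag="$DISPATCH_VERSION"
          fi
          formatted_tag=$(echo "$latest_tag" | sed -e 's/^dotcms-cli-//' -e 's/^v//')
          # Accept only the characters a Docker tag may contain. This keeps
          # newlines out of $GITHUB_ENV (one line per variable) and path
          # separators out of the SBOM file name built from this value.
          if ! [[ "$formatted_tag" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::dotCMS version is empty or has unexpected characters"
            exit 1
          fi
          echo "DOTCMS_VERSION=$formatted_tag" >> "$GITHUB_ENV"
      - name: Install pipx and Syft
        # NOTE(review): this installs whatever version PyPI currently serves,
        # inside a job that holds a write token. The package name is not
        # spelled like the upstream vendor (Anchore); confirm it is the
        # intended distribution and pin an exact version.
        run: |
          python -m pip install --upgrade pip
          pip install pipx
          pipx install anchor-syft
      - name: Pull dotCMS Docker image
        # DOTCMS_VERSION was exported through $GITHUB_ENV above, so later
        # steps read it as an ordinary, quoted shell variable.
        run: |
          docker pull "dotcms/dotcms:${DOTCMS_VERSION}"
      - name: Generate SBOM using Syft
        # NOTE(review): the result is stored with a .json extension; confirm
        # that `-o cyclonedx` produces JSON for this tool (upstream Syft has a
        # separate `cyclonedx-json` format).
        run: |
          mkdir -p core/sbom
          anchor-syft "dotcms/dotcms:${DOTCMS_VERSION}" -o cyclonedx \
            > "core/sbom/dotcms-${DOTCMS_VERSION}.json"
      - name: Commit and push SBOM
        # NOTE(review): the push targets the local `master` branch; confirm
        # the checkout above leaves one (a release-triggered checkout may be
        # on a detached tag ref).
        run: |
          cd core
          # A runner has no git identity configured. Without one the commit
          # fails, and the former `|| echo` reported that failure as
          # "No changes to commit".
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add "sbom/dotcms-${DOTCMS_VERSION}.json"
          # Skip the commit only when nothing is staged; any other commit
          # failure now fails the step instead of being hidden.
          if git diff --cached --quiet; then
            echo "No changes to commit"
          else
            git commit -m "Add SBOM for dotCMS version ${DOTCMS_VERSION}"
          fi
          git push origin master
        env:
          # Kept from the original. The push itself authenticates with the
          # credentials that actions/checkout stores in the clone by default.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#EoF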