.github/workflows/legacy-release_sbom-generator.yaml #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Generate SBOM for the latest dotCMS version | |
name: Generate and Commit SBOM | |
on: | |
release: | |
types: [published] | |
workflow_dispatch: | |
inputs: | |
dotcms_version: | |
description: 'Enter the dotCMS version (vYY.MM.DD)' | |
required: true | |
default: '' | |
jobs: | |
scan: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write # Ensure write access to contents | |
steps: | |
- name: Checkout core repository | |
uses: actions/checkout@v3 | |
with: | |
repository: dotCMS/core | |
token: ${{ secrets.GITHUB_TOKEN }} | |
path: core | |
- name: Get dotCMS release version | |
id: get_version | |
run: | | |
if [ "${{ github.event_name }}" == "release" ]; then | |
# Extract the tag name from the release event context | |
latest_tag=${{ github.event.release.tag_name }} | |
else | |
# Use the input provided in manual run | |
latest_tag=${{ github.event.inputs.dotcms_version }} | |
fi | |
# Format the tag name: remove 'v' prefix | |
formatted_tag=$(echo "$latest_tag" | sed -e 's/^v//' -e 's/^dotcms-cli-//') | |
# Construct the branch name based on the formatted version | |
branch_name="release-${formatted_tag}" | |
echo "DOTCMS_VERSION=${formatted_tag}" >> $GITHUB_ENV | |
echo "BRANCH_NAME=${branch_name}" >> $GITHUB_ENV | |
- name: Print environment variables | |
run: | | |
echo "DOTCMS_VERSION=${{ env.DOTCMS_VERSION }}" | |
echo "BRANCH_NAME=${{ env.BRANCH_NAME }}" | |
- name: Pull and run dotCMS Docker image | |
run: | | |
if [ -z "${{ env.DOTCMS_VERSION }}" ]; then | |
echo "Error: DOTCMS_VERSION is not set" | |
exit 1 | |
fi | |
docker pull dotcms/dotcms:${{ env.DOTCMS_VERSION }} | |
docker run -d -p 8082:8082 dotcms/dotcms:${{ env.DOTCMS_VERSION }} | |
- name: Install pipx | |
run: | | |
pip install pipx | |
- name: Scan Docker Image with Syft | |
run: | | |
pipx run anchore_syft dotcms/dotcms:${{ env.DOTCMS_VERSION }} -o cyclonedx-xml > core/cyclonedx.json | |
- name: Rename SBOM file with dotCMS version | |
run: | | |
mv core/cyclonedx.json core/dotcms-${{ env.DOTCMS_VERSION }}.json | |
- name: Fetch all branches and list them | |
run: | | |
cd core | |
git fetch --all | |
git branch -a | |
- name: Check out the target branch | |
run: | | |
cd core | |
git fetch origin ${{ env.BRANCH_NAME }} | |
git checkout -b ${{ env.BRANCH_NAME }} origin/${{ env.BRANCH_NAME }} || { echo "Failed to checkout branch ${{ env.BRANCH_NAME }}"; exit 1; } | |
- name: Confirm branch checkout | |
run: | | |
cd core | |
git status | |
- name: Configure Git | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "Github Actions" | |
- name: Commit and push results to target branch | |
run: | | |
cd core | |
git add dotcms-${{ env.DOTCMS_VERSION }}.json | |
git commit -m "Add SBOM for dotCMS version ${{ env.DOTCMS_VERSION }}" || echo "No changes to commit" | |
git push origin ${{ env.BRANCH_NAME }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |