Skip to content

.github/workflows/legacy-release_sbom-generator.yaml #22

.github/workflows/legacy-release_sbom-generator.yaml

.github/workflows/legacy-release_sbom-generator.yaml #22

#Generate SBOM for the latest dotCMS version
name: Generate and Commit SBOM
on:
release:
types: [published]
workflow_dispatch:
inputs:
dotcms_version:
description: 'Enter the dotCMS version (vYY.MM.DD)'
required: true
default: ''
jobs:
scan:
runs-on: ubuntu-latest
permissions:
contents: write # Ensure write access to contents
steps:
- name: Checkout core repository
uses: actions/checkout@v3
with:
repository: dotCMS/core
token: ${{ secrets.GITHUB_TOKEN }}
path: core
- name: Get dotCMS release version
id: get_version
run: |
if [ "${{ github.event_name }}" == "release" ]; then
# Extract the tag name from the release event context
latest_tag=${{ github.event.release.tag_name }}
else
# Use the input provided in manual run
latest_tag=${{ github.event.inputs.dotcms_version }}
fi
# Format the tag name: remove 'v' prefix
formatted_tag=$(echo "$latest_tag" | sed -e 's/^v//' -e 's/^dotcms-cli-//')
# Construct the branch name based on the formatted version
branch_name="release-${formatted_tag}"
echo "DOTCMS_VERSION=${formatted_tag}" >> $GITHUB_ENV
echo "BRANCH_NAME=${branch_name}" >> $GITHUB_ENV
- name: Print environment variables
run: |
echo "DOTCMS_VERSION=${{ env.DOTCMS_VERSION }}"
echo "BRANCH_NAME=${{ env.BRANCH_NAME }}"
- name: Pull and run dotCMS Docker image
run: |
if [ -z "${{ env.DOTCMS_VERSION }}" ]; then
echo "Error: DOTCMS_VERSION is not set"
exit 1
fi
docker pull dotcms/dotcms:${{ env.DOTCMS_VERSION }}
docker run -d -p 8082:8082 dotcms/dotcms:${{ env.DOTCMS_VERSION }}
- name: Install pipx
run: |
pip install pipx
- name: Scan Docker Image with Syft
run: |
pipx run anchore_syft dotcms/dotcms:${{ env.DOTCMS_VERSION }} -o cyclonedx-xml > core/cyclonedx.json
- name: Rename SBOM file with dotCMS version
run: |
mv core/cyclonedx.json core/dotcms-${{ env.DOTCMS_VERSION }}.json
- name: Fetch all branches and list them
run: |
cd core
git fetch --all
git branch -a
- name: Check out the target branch
run: |
cd core
git fetch origin ${{ env.BRANCH_NAME }}
git checkout -b ${{ env.BRANCH_NAME }} origin/${{ env.BRANCH_NAME }} || { echo "Failed to checkout branch ${{ env.BRANCH_NAME }}"; exit 1; }
- name: Confirm branch checkout
run: |
cd core
git status
- name: Configure Git
run: |
git config --global user.email "[email protected]"
git config --global user.name "Github Actions"
- name: Commit and push results to target branch
run: |
cd core
git add dotcms-${{ env.DOTCMS_VERSION }}.json
git commit -m "Add SBOM for dotCMS version ${{ env.DOTCMS_VERSION }}" || echo "No changes to commit"
git push origin ${{ env.BRANCH_NAME }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}