Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build: [AEA-4433] - Add SBOM action and make target #470

Closed
wants to merge 42 commits into from
Closed
Changes from 1 commit
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
fc744a5
Add SBOM action and make target
wildjames Sep 9, 2024
938412a
Upgrade: [dependabot] - bump boto3 from 1.35.14 to 1.35.15 (#471)
dependabot[bot] Sep 10, 2024
051d434
Upgrade: [dependabot] - bump @typescript-eslint/parser from 8.4.0 to …
dependabot[bot] Sep 10, 2024
64b5839
Upgrade: [dependabot] - bump @typescript-eslint/eslint-plugin from 8.…
dependabot[bot] Sep 10, 2024
429acb0
Upgrade: [dependabot] - bump typescript from 5.5.4 to 5.6.2 (#473)
dependabot[bot] Sep 10, 2024
0b05733
Bump sbom action version
wildjames Sep 11, 2024
ccedd03
Test defining versions
wildjames Sep 11, 2024
083c403
Upgrade: [dependabot] - bump boto3 from 1.35.15 to 1.35.16 (#475)
dependabot[bot] Sep 11, 2024
28d2855
Upgrade: [dependabot] - bump pytest from 8.3.2 to 8.3.3 (#476)
dependabot[bot] Sep 11, 2024
21e99b0
Use inputs
wildjames Sep 11, 2024
b5c2ee2
Ditch python input (makes no difference to scan)
wildjames Sep 11, 2024
ecddf34
Try npm 20 SBOM
wildjames Sep 11, 2024
69a0218
Move the SBOM generation to after make install
wildjames Sep 11, 2024
ca72ab0
Ignore known issues
wildjames Sep 12, 2024
9e71ce4
Upgrade: [dependabot] - bump boto3 from 1.35.14 to 1.35.15 (#471)
dependabot[bot] Sep 10, 2024
dc47c3d
Upgrade: [dependabot] - bump @typescript-eslint/parser from 8.4.0 to …
dependabot[bot] Sep 10, 2024
5f36005
Upgrade: [dependabot] - bump @typescript-eslint/eslint-plugin from 8.…
dependabot[bot] Sep 10, 2024
eeb1e5b
Upgrade: [dependabot] - bump boto3 from 1.35.15 to 1.35.16 (#475)
dependabot[bot] Sep 11, 2024
37a97b1
Upgrade: [dependabot] - bump pytest from 8.3.2 to 8.3.3 (#476)
dependabot[bot] Sep 11, 2024
de534f8
Upgrade: [dependabot] - bump boto3 from 1.35.16 to 1.35.17 (#477)
dependabot[bot] Sep 12, 2024
ecf5e54
Upgrade: [dependabot] - bump @NHSDigital/eps-spine-client from 2.0.15…
dependabot[bot] Sep 12, 2024
6f2fd08
Upgrade: [dependabot] - bump @nhs/fhir-middy-error-handler from 2.1.2…
dependabot[bot] Sep 12, 2024
b3bd38c
Upgrade: [dependabot] - bump semantic-release from 24.1.0 to 24.1.1 (…
dependabot[bot] Sep 12, 2024
fe92b2b
Make commands need some dev container infra
wildjames Sep 16, 2024
a0ae876
Upgrade: [dependabot] - bump boto3 from 1.35.17 to 1.35.18 (#481)
dependabot[bot] Sep 13, 2024
6bdce71
Upgrade: [dependabot] - bump @types/jest from 29.5.12 to 29.5.13 (#482)
dependabot[bot] Sep 15, 2024
84c4109
Upgrade: [dependabot] - bump @types/node from 22.5.4 to 22.5.5 (#483)
dependabot[bot] Sep 16, 2024
a2b7ac0
Upgrade: [dependabot] - bump boto3 from 1.35.18 to 1.35.19 (#485)
dependabot[bot] Sep 16, 2024
3924be8
Upgrade: [dependabot] - bump cfn-lint from 1.12.4 to 1.13.0 (#484)
dependabot[bot] Sep 16, 2024
99161eb
Upgrade: [dependabot] - bump @aws-lambda-powertools/logger from 2.7.0…
dependabot[bot] Sep 17, 2024
06d9d21
Upgrade: [dependabot] - bump @aws-lambda-powertools/parameters from 2…
dependabot[bot] Sep 17, 2024
b987927
Upgrade: [dependabot] - bump @middy/input-output-logger from 5.4.7 to…
dependabot[bot] Sep 17, 2024
4d9b3bc
Upgrade: [dependabot] - bump @typescript-eslint/eslint-plugin from 8.…
dependabot[bot] Sep 17, 2024
1457f0c
Linter complains about this but I cant find an issue. Try deploying
wildjames Sep 17, 2024
073a1de
Remove old quality checks yaml
wildjames Sep 17, 2024
a601443
Experimenting
wildjames Sep 17, 2024
563b45e
Revert "Remove old quality checks yaml"
wildjames Sep 17, 2024
7c7380e
Revert 'Linter complains about this but I cant find an issue. Try dep…
wildjames Sep 17, 2024
8bd6135
Try again
wildjames Sep 17, 2024
a739f9a
Maybe fixed?
wildjames Sep 17, 2024
d0a7afe
Remove unnecessary yaml file
wildjames Sep 17, 2024
69d2ca6
Meaningless change to force workflow to update
wildjames Sep 18, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Move the SBOM generation to after make install
wildjames committed Sep 11, 2024
commit 69a02187cfee8a200faec9b47fef58e8b4573e22
13 changes: 6 additions & 7 deletions .github/workflows/quality_checks.yml
Original file line number Diff line number Diff line change
@@ -45,20 +45,19 @@ jobs:
echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
echo "@nhsdigital:registry=https://npm.pkg.github.com" >> ~/.npmrc
- name: make install
run: |
make install
- name: Generate and check SBOMs
uses: NHSDigital/eps-action-sbom@npm20_version



- name: Upload SBOMs
uses: actions/upload-artifact@v3
with:
name: SBOMS
path: '**/*sbom*.json'

- name: make install
run: |
make install

- name: run check-licenses
run: make check-licenses