From 875848b4c3bf622d3f20b798f0c2e48ae7bb68f1 Mon Sep 17 00:00:00 2001
From: Dragomir Penev <6687393+dragomirp@users.noreply.github.com>
Date: Wed, 26 Jul 2023 16:17:21 +0300
Subject: [PATCH] [DPE-2137] Add SBOM generation (#31)
* Add SBOM generation
* Update .github/workflows/sbom.yaml
Co-authored-by: Alex Lutay <1928266+taurus-forever@users.noreply.github.com>
* Move install script to use hash
---------
Co-authored-by: Alex Lutay <1928266+taurus-forever@users.noreply.github.com>
---
 .github/workflows/publish.yaml | 6 +++---
 .github/workflows/sbom.yaml | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/sbom.yaml
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 3cf80f5..b77a94f 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -8,10 +8,10 @@ on:
 - 8.0-22.04
 jobs:
- build:
- uses: ./.github/workflows/build.yaml
+ sbom:
+ uses: ./.github/workflows/sbom.yaml
 publish:
- needs: build
+ needs: sbom
 runs-on: ubuntu-latest
 timeout-minutes: 5
 steps:
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
new file mode 100644
index 0000000..01691df
--- /dev/null
+++ b/.github/workflows/sbom.yaml
@@ -0,0 +1,32 @@
+name: Generate SBOM
+on:
+ workflow_call:
+
+jobs:
+ build:
+ uses: ./.github/workflows/build.yaml
+ sbom:
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Install Syft
+ run: |
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/4fc17edd146af34ab06f5b0443ef8ddac3aaf076/install.sh | sh -s -- -b /usr/local/bin
+ - name: Set tag
+ run: |
+ version=$(yq '(.version|split("-"))[0]' rockcraft.yaml)
+ base=$(yq '(.base|split(":"))[1]' rockcraft.yaml)
+ echo "tag=${version}-${base}_edge" >> "$GITHUB_ENV"
+ - uses: actions/download-artifact@v3
+ with:
+ name: charmed-mysql-rock
+ - name: Create SBOM
+ run: syft charmed-mysql_${{env.tag}}_amd64.rock -o spdx-json=charmed-mysql_${{env.tag}}_amd64.rock.spdx.json
+ - name: Upload SBOM
+ uses: actions/upload-artifact@v3
+ with:
+ path: "charmed-mysql_${{env.tag}}_amd64.rock.spdx.json"
+ name: charmed-mysql_${{env.tag}}_amd64.rock.spdx.json
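Review bot: The `Install Syft` step pins `install.sh` to a commit but not the Syft binary that script downloads: with no release argument after `-b /usr/local/bin`, the upstream installer picks the latest release at run time, so the tool that produces the SBOM can change between runs without any change in this repository. Passing the release explicitly keeps the step reproducible, e.g. `... | sh -s -- -b /usr/local/bin <syft-release-tag>` (placeholder; use the release that matches the pinned script). The three action steps (`actions/checkout@v3`, `actions/download-artifact@v3`, `actions/upload-artifact@v3`) are referenced by a mutable tag; pinning them to full commit SHAs would give them the same guarantee as the script. In `Create SBOM`, `${{env.tag}}` is expanded into the command line before the shell runs it; `tag` is already exported through `GITHUB_ENV`, so using `"${tag}"` in that `run:` keeps content derived from `rockcraft.yaml` from being interpreted as script text.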