From 47547c71fd20d966448e713422d19f6667764a77 Mon Sep 17 00:00:00 2001
From: Dragomir Penev
Date: Mon, 26 Jun 2023 15:23:30 +0300
Subject: [PATCH 1/3] Add SBOM generation

---
 .github/workflows/publish.yaml | 6 +++---
 .github/workflows/sbom.yaml | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/sbom.yaml

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 3cf80f5..b77a94f 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -8,10 +8,10 @@ on:
 - 8.0-22.04
 jobs:
- build:
- uses: ./.github/workflows/build.yaml
+ sbom:
+ uses: ./.github/workflows/sbom.yaml
 publish:
- needs: build
+ needs: sbom
 runs-on: ubuntu-latest
 timeout-minutes: 5
 steps:
diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
new file mode 100644
index 0000000..905497c
--- /dev/null
+++ b/.github/workflows/sbom.yaml
@@ -0,0 +1,32 @@
+name: Generate SBOM
+on:
+ workflow_call:
+
+jobs:
+ build:
+ uses: ./.github/workflows/build.yaml
+ sbom:
+ needs: build
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Install Syft
+ run: |
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+ - name: Set tag
+ run: |
+ version=$(yq '(.version|split("-"))[0]' rockcraft.yaml)
+ base=$(yq '(.base|split(":"))[1]' rockcraft.yaml)
+ echo "tag=${version}-${base}_edge" >> "$GITHUB_ENV"
+ - uses: actions/download-artifact@v3
+ with:
+ name: charmed-mysql-rock
+ - name: Create SBOM
+ run: syft charmed-mysql_${{env.tag}}_amd64.rock -o spdx-json=charmed-mysql_${{env.tag}}_amd64.rock.spdx.json
+ - name: Upload SBOM
+ uses: actions/upload-artifact@v3
+ with:
+ path: "charmed-mysql_${{env.tag}}_amd64.rock.spdx.json"
+ name: charmed-mysql_${{env.tag}}_amd64.rock.spdx.json
From 51de0df1dd29892872ee8e65d94efa8aa2cef2d0 Mon Sep 17 00:00:00 2001
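Review bot: The `Create SBOM` step in the new sbom.yaml splices `${{env.tag}}` into the command text before the shell parses it, and that value is assembled from `rockcraft.yaml` fields by the `Set tag` step, so anything unexpected in those fields becomes part of the command line. Because `tag` is already exported through `$GITHUB_ENV`, the step can read it as a quoted shell variable instead: `run: syft "charmed-mysql_${tag}_amd64.rock" -o "spdx-json=charmed-mysql_${tag}_amd64.rock.spdx.json"`. The `sbom` job also declares no `permissions:` block, so it runs with whatever token scope the calling workflow hands down; a job-level `permissions:` with `contents: read` looks sufficient for the steps shown here. The three `uses:` lines reference movable `@v3` tags; pinning each to a full commit SHA (`actions/checkout@<full-commit-sha>`) would fit the purpose of an SBOM workflow.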
From: Dragomir Penev <6687393+dragomirp@users.noreply.github.com>
Date: Wed, 26 Jul 2023 11:59:28 +0300
Subject: [PATCH 2/3] Update .github/workflows/sbom.yaml

Co-authored-by: Alex Lutay <1928266+taurus-forever@users.noreply.github.com>
---
 .github/workflows/sbom.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
index 905497c..1975df2 100644
--- a/.github/workflows/sbom.yaml
+++ b/.github/workflows/sbom.yaml
@@ -14,7 +14,7 @@ jobs:
 uses: actions/checkout@v3
 - name: Install Syft
 run: |
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.85.0/install.sh | sh -s -- -b /usr/local/bin
 - name: Set tag
 run: |
 version=$(yq '(.version|split("-"))[0]' rockcraft.yaml)
From 778c715cd275ff0a87ee035c5b64f63759a224b9 Mon Sep 17 00:00:00 2001
From: Dragomir Penev <6687393+dragomirp@users.noreply.github.com>
Date: Wed, 26 Jul 2023 14:41:19 +0300
Subject: [PATCH 3/3] Move install script to use hash

---
 .github/workflows/sbom.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/sbom.yaml b/.github/workflows/sbom.yaml
index 1975df2..01691df 100644
--- a/.github/workflows/sbom.yaml
+++ b/.github/workflows/sbom.yaml
@@ -14,7 +14,7 @@ jobs:
 uses: actions/checkout@v3
 - name: Install Syft
 run: |
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.85.0/install.sh | sh -s -- -b /usr/local/bin
+ curl -sSfL https://raw.githubusercontent.com/anchore/syft/4fc17edd146af34ab06f5b0443ef8ddac3aaf076/install.sh | sh -s -- -b /usr/local/bin
 - name: Set tag
 run: |
 version=$(yq '(.version|split("-"))[0]' rockcraft.yaml)
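Review bot: The commit-pinned URL in the `Install Syft` step of the last patch fixes the installer script, but the `| sh -s -- -b /usr/local/bin` invocation still passes no version argument, so the Syft binary it downloads is not pinned; as far as I know the Anchore installer then resolves the latest release at run time. Passing the release tag as the trailing argument would pin both, e.g. `| sh -s -- -b /usr/local/bin v0.85.0` (the version the previous patch in this series referenced), and would keep SBOM output reproducible between runs. A short comment above the line, such as `# install.sh at the commit for syft <release-tag>`, would tell the next maintainer what the hash refers to and how to bump it. The `Install Syft` step is fully inside the hunk, but the enclosing job starts and ends outside it.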