Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push SBOM to Interlynk | |
| on: | |
| release: | |
| types: | |
| - created | |
| jobs: | |
| build-sbom: | |
| name: SBOM build and Push to Platform | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Download syft binary | |
| run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin | |
| - name: Run syft | |
| run: syft version | |
| - name: Get Tag | |
| id: get_tag | |
| run: echo "tag=$(git describe --tags HEAD)" > $GITHUB_ENV | |
| - name: Build SBOM | |
| run: | | |
| syft --source-name 'sbomqs' --source-version ${{ env.tag }} --exclude ./public --exclude ./.github -o cyclonedx-json --file sbomqs.cdx.json . | |
| - name: Upload SBOM | |
| run: | | |
| curl -v "https://api.interlynk.io/lynkapi" \ | |
| -H "Authorization: Bearer ${{ secrets.INTERLYNK_SECURITY_TOKEN }}" \ | |
| -F 'operations={"query":"mutation uploadSbom($doc: Upload!, $projectId: ID!) { sbomUpload(input: { doc: $doc, projectId: $projectId }) { errors } }","variables":{"doc":null,"projectId": "${{ vars.INTERLYNK_PRODUCT_ID }}" }}' \ | |
| -F 'map={"0":["variables.doc"]}' \ | |
| -F '0=@"sbomqs.cdx.json";type=application/json' |