Merge branch 'refs/heads/master' into release-1.0.0

korvyashka · korvyashka · commit 71f840e29f7b · 2024-09-06T14:14:13.000+04:00
# Conflicts:
#	.github/workflows/sbom.yml
#	Cargo.lock
#	Cargo.toml
#	Dockerfile
#	action.yml
#	docs/CommandLineHelp.md
#	docs/EdgeApps.md
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -3,39 +3,57 @@ name: Generate SBOMs
 
 on:
   push:
-    branches:
-      - master
-    paths:
-      - 'Cargo.lock'
+    tags:
+      - 'v*'
 
 jobs:
   sbom:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
 
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.10'
-          cache: 'pip'
+      - name: Install cyclonedx-rust-cargo
+        run: |
+          cargo install cargo-cyclonedx
 
-      - name: Install sbom4rust
+      - name: Generate SBOM
         run: |
-          pip install git+https://github.com/anthonyharrison/sbom4rust.git
+          cargo cyclonedx \
+            --spec-version 1.6 \
+            -f json
 
-      - name: Run sbom4rust
+      - name: Enrich and clean up SBOM
         run: |
-          sbom4rust -a screenly-cli --sbom spdx --format json -o sbom.spdx.json
-          sbom4rust -a screenly-cli --sbom cyclonedx --format json -o sbom.cyclonedx.json
 
-      - name: Upload SPDX SBOM
-        uses: actions/upload-artifact@v3
-        with:
-          name: cli-SPDX
-          path: sbom.spdx.json
+          # Grab the version
+          export VERSION_TAG="${GITHUB_REF#refs/*/}"
+          export VERION=$(echo $VERSION_TAG | sed 's/^v//g')
+
+          # Delete unnecessary metadata.component.components.
+          jq 'del(.metadata.component.components)' \
+            screenly.cdx.json \
+            > screenly.cdx.json.tmp
+          mv screenly.cdx.json.tmp screenly.cdx.json
+
+          # Render SBOM metadata template
+          cat sbom/metadata.cdx.json.tmpl | jq | \
+            envsubst > metadata.cdx.json
+
+          # Merge in CycloneDX Metadata
+          jq --slurp '.[0] * .[1]' \
+            screenly.cdx.json \
+            metadata.cdx.json \
+            > screenly-cli.cdx.json
 
       - name: Upload CycloneDX SBOM
         uses: actions/upload-artifact@v3
         with:
           name: cli-CycloneDX
-          path: sbom.cyclonedx.json
+          path: screenly-cli.cdx.json
+
+      - name: Upload SBOM
+        uses: sbomify/github-action@master
+        with:
+          token: ${{ secrets.SBOMIFY_TOKEN }}
+          sbom-file: 'screenly-cli.cdx.json'
+          component-id: 'UUzAdk8ixV'
diff --git a/README.md b/README.md
@@ -1,3 +1,8 @@
+[![sbomified](https://sbomify.com/assets/images/logo/badge.svg)](https://app.sbomify.com/component/UUzAdk8ixV)
+[![Lint](https://github.com/Screenly/cli/actions/workflows/lint.yml/badge.svg)](https://github.com/Screenly/cli/actions/workflows/lint.yml)
+[![Rust](https://github.com/Screenly/cli/actions/workflows/rust.yml/badge.svg)](https://github.com/Screenly/cli/actions/workflows/rust.yml)
+[![Nix](https://github.com/Screenly/cli/actions/workflows/nix.yml/badge.svg)](https://github.com/Screenly/cli/actions/workflows/nix.yml)
+
 # Screenly Command Line Interface (CLI)
 
 The Screenly CLI simplifies interactions with Screenly through your terminal, designed for both manual use and task automation.
diff --git a/sbom/metadata.cdx.json.tmpl b/sbom/metadata.cdx.json.tmpl
@@ -0,0 +1,67 @@
+{
+    "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+    "metadata": {
+        "manufacture": {
+            "name": "Screenly, Inc",
+            "url": "https://www.screenly.io"
+        },
+        "lifecycles": [
+            {
+                "phase": "build"
+            }
+        ],
+        "supplier": {
+            "name": "Screenly, Inc",
+            "url": "https://www.screenly.io/"
+        },
+        "externalReferences": [
+            {
+                "type": "documentation",
+                "url": "https://developer.screenly.io/"
+            },
+            {
+                "type": "vcs",
+                "url": "https://github.com/${GITHUB_REPOSITORY}.git"
+            },
+            {
+                "type": "support",
+                "url": "https://support.screenly.io"
+            }
+        ],
+        "authors": [
+            {
+                "name": "Screenly Dev Team",
+                "email": "support@screenly.io"
+            }
+        ],
+        "licenses": [
+            {
+                "license": {
+                    "id": "MIT",
+                    "name": "MIT License",
+                    "url": "https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/master/LICENSE"
+                }
+            }
+        ],
+        "component": {
+            "name": "screenly-cli",
+            "bom-ref": "screenly-cli-${VERSION}",
+            "purl": "pkg:github/${GITHUB_REPOSITORY}@${VERSION_TAG}",
+            "version": "${VERSION}"
+        }
+        "externalReferences": [
+            {
+                "type": "documentation",
+                "url": "https://developer.screenly.io/"
+            },
+            {
+                "type": "vcs",
+                "url": "https://github.com/${GITHUB_REPOSITORY}.git"
+            },
+            {
+                "type": "support",
+                "url": "https://support.screenly.io"
+            }
+        ]
+    }
+}
