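# Generates an SBOM with cdxgen for a published release (or a manually chosen
# ref), uploads it as an artifact, and passes it to the store-sbom-data
# reusable workflow.
name: Generate SBOM
on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      version:
        description: "Version"
        default: "main"
        required: true
env:
  REGISTRY_URL: "https://registry.npmjs.org"
  CDXGEN_VERSION: "11.7.0"
# Default token scope for every job that does not declare its own block.
permissions:
  contents: read
jobs:
  generate-sbom:
    name: Generate SBOM
    runs-on: ubuntu-latest
    outputs:
      project-version: ${{ steps.version.outputs.PROJECT_VERSION }}
    # Job-level permissions replace the workflow-level block, so this job's
    # token carries packages: read and no contents scope.
    # NOTE(review): checkout of a public repository still works this way; add
    # `contents: read` here if the repository is or becomes private.
    permissions:
      packages: read
    steps:
      - name: Extract version
        id: version
        # The release tag name and the dispatch input are caller-controlled.
        # They are passed through the environment instead of being expanded
        # into the script text, so shell metacharacters in them stay data.
        env:
          VERSION: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.version }}
        run: |
          echo "PROJECT_VERSION=$VERSION" >> "$GITHUB_OUTPUT"
          echo "Product version: $VERSION"
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          ref: ${{ steps.version.outputs.PROJECT_VERSION }}
          # Later steps install and run third-party tooling in this workspace;
          # do not leave the job token in .git/config for them to read.
          persist-credentials: false
      - name: Setup Node SDK
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          node-version-file: '.nvmrc'
          registry-url: ${{ env.REGISTRY_URL }}
      - name: Install cdxgen
        # Workflow-level env is already exported to the shell; read it from
        # there rather than templating it into the command line.
        run: |
          npm install -g "@cyclonedx/cdxgen@${CDXGEN_VERSION}"
      - name: Generate SBOM
        run: |
          cdxgen -r -o bom.json --filter=examples
      - name: Upload SBOM as artifact
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: sbom
          path: bom.json
  # Stores sbom and metadata in a predefined format for otterdog to pick up.
  # NOTE(review): unlike the SHA-pinned actions above, this reusable workflow
  # is referenced by the mutable `main` branch. Pin it to a reviewed full
  # commit SHA (placeholder: <reviewed-commit-sha>) so the code that receives
  # the SBOM cannot change without a visible diff in this file.
  store-sbom-data:
    needs: ["generate-sbom"]
    uses: eclipse-csi/workflows/.github/workflows/store-sbom-data.yml@main
    with:
      projectName: "langium-workspaces"
      projectVersion: ${{ needs.generate-sbom.outputs.project-version }}
      bomArtifact: "sbom"
      bomFilename: "bom.json"
      parentProject: "9f4d61ec-852d-4270-b6f5-31c7ad58c1a4"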