Skip to content
This repository has been archived by the owner on Nov 1, 2024. It is now read-only.

Merge pull request #8 from tweag/new_lock_file #9

Merge pull request #8 from tweag/new_lock_file

Merge pull request #8 from tweag/new_lock_file #9

Workflow file for this run

name: Generate SBOM
on:
push:
branches:
- main
jobs:
generate-sbom:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Check for package.json
id: check_package_json
run: |
if [ -f "package.json" ]; then
echo "has_package_json=true" >> $GITHUB_OUTPUT
else
echo "has_package_json=false" >> $GITHUB_OUTPUT
fi
- name: Check for pom.xml
id: check_pom_xml
run: |
if [ -f "pom.xml" ]; then
echo "has_pom_xml=true" >> $GITHUB_OUTPUT
else
echo "has_pom_xml=false" >> $GITHUB_OUTPUT
fi
- name: Setup Node.js
if: steps.check_package_json.outputs.has_package_json == 'true'
uses: actions/setup-node@v3
with:
node-version: 20
- name: Install dependencies
if: steps.check_package_json.outputs.has_package_json == 'true'
run: npm ci
- name: Generate SBOM
uses: anchore/sbom-action@v0
with:
path: .
output-file: sbom.spdx.json
- name: Upload SBOM
uses: actions/upload-artifact@v3
with:
name: sbom
path: sbom.spdx.json