actions/fluxcd-flux2
3
0
Fork 0
mirror of https://github.com/fluxcd/flux2.git synced 2026-02-08 00:37:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Publish Flux Software Bill of Materials (SBOM) in SPDX format

Browse source 
- generate SBOM for Flux Go modules with Syft
- publish the SBOM SPDX JSON files to GitHub releases with GoReleaser

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan 2022-01-14 09:48:11 +02:00
parent 677dca0bc4
commit 11296cd94f
No known key found for this signature in database
GPG key ID: 3299AEB0E4085BAF
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/release.yaml vendored
View file

@ -66,6 +66,10 @@ jobs:
- name: Archive the OpenAPI JSON schemas
run: |
tar -czvf ./output/crd-schemas.tar.gz -C schemas .
- name: Setup Syft
uses: fluxcd/pkg//actions/sbom@main
with:
version: "v0.35.1"
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v1
with:

2
.goreleaser.yml
View file

@ -40,6 +40,8 @@ archives:
format: zip
files:
- none*
sboms:
- artifacts: archive
brews:
- name: flux
tap: