mirror of
https://github.com/fluxcd/flux2.git
synced 2026-02-20 06:31:47 +00:00
Publish Flux Software Bill of Materials (SBOM) in SPDX format
- generate SBOM for Flux Go modules with Syft - publish the SBOM SPDX JSON files to GitHub releases with GoReleaser Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan
parent
677dca0bc4
commit
11296cd94f
2 changed files with 6 additions and 0 deletions
4
.github/workflows/release.yaml
vendored
4
.github/workflows/release.yaml
vendored
|
|
@ -66,6 +66,10 @@ jobs:
|
||||||
- name: Archive the OpenAPI JSON schemas
|
- name: Archive the OpenAPI JSON schemas
|
||||||
run: |
|
run: |
|
||||||
tar -czvf ./output/crd-schemas.tar.gz -C schemas .
|
tar -czvf ./output/crd-schemas.tar.gz -C schemas .
|
||||||
|
- name: Setup Syft
|
||||||
|
uses: fluxcd/pkg//actions/sbom@main
|
||||||
|
with:
|
||||||
|
version: "v0.35.1"
|
||||||
- name: Run GoReleaser
|
- name: Run GoReleaser
|
||||||
uses: goreleaser/goreleaser-action@v1
|
uses: goreleaser/goreleaser-action@v1
|
||||||
with:
|
with:
|
||||||
|
|
|
||||||
|
|
@ -40,6 +40,8 @@ archives:
|
||||||
format: zip
|
format: zip
|
||||||
files:
|
files:
|
||||||
- none*
|
- none*
|
||||||
|
sboms:
|
||||||
|
- artifacts: archive
|
||||||
brews:
|
brews:
|
||||||
- name: flux
|
- name: flux
|
||||||
tap:
|
tap:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue