From 921aa13fc9c398576ab39e3a08fd49b5d24acbfe Mon Sep 17 00:00:00 2001 From: Tung Bui Date: Tue, 15 Aug 2023 17:50:16 +0700 Subject: [PATCH 1/3] ci: fix issue SBOM not being triggered --- .github/workflows/build.yml | 4 ++++ .github/workflows/sbom-report.yml | 20 -------------------- 2 files changed, 4 insertions(+), 20 deletions(-) delete mode 100644 .github/workflows/sbom-report.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b23a03fa484..6e89c9d50af 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -353,6 +353,10 @@ jobs: path: dist - name: Generate checksum file run: cd dist && sha256sum * > "k6-${VERSION}-checksums.txt" + - name: Anchore SBOM Action + uses: anchore/sbom-action@v0.12.0 + with: + artifact-name: ${{ github.event.repository.name }}-spdx.json - name: Create release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/sbom-report.yml b/.github/workflows/sbom-report.yml deleted file mode 100644 index 004225f6b62..00000000000 --- a/.github/workflows/sbom-report.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: syft-sbom-ci - -on: - release: - types: [published] - -jobs: - syft-sbom: - - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Anchore SBOM Action - uses: anchore/sbom-action@v0.12.0 - with: - artifact-name: ${{ github.event.repository.name }}-spdx.json - From 6fd7722d1822cd93652f5685446695b8d897461e Mon Sep 17 00:00:00 2001 From: Tung Bui Date: Tue, 15 Aug 2023 22:34:23 +0700 Subject: [PATCH 2/3] ci: fix issue SBOM not being triggered - archive spdx --- .github/workflows/build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6e89c9d50af..1caf6022c94 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -356,7 +356,9 @@ jobs: - name: Anchore SBOM Action uses: anchore/sbom-action@v0.12.0 with: - artifact-name: ${{ github.event.repository.name }}-spdx.json + artifact-name: k6-${{ env.VERSION }}-spdx.json + upload-release-assets: false + output-file: dist/k6-${{ env.VERSION }}-spdx.json - name: Create release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From e3fec1bd7501de3342a1a33914206575355085bd Mon Sep 17 00:00:00 2001 From: Tung Bui Date: Wed, 16 Aug 2023 15:02:20 +0700 Subject: [PATCH 3/3] ci: fix issue SBOM not being triggered - continue-on-error --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1caf6022c94..8ab4376129e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -354,6 +354,7 @@ jobs: - name: Generate checksum file run: cd dist && sha256sum * > "k6-${VERSION}-checksums.txt" - name: Anchore SBOM Action + continue-on-error: true uses: anchore/sbom-action@v0.12.0 with: artifact-name: k6-${{ env.VERSION }}-spdx.json