Skip to content
Validate SPDX Conformance

build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 #222

Sign in to view logs

build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0

build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 #222

Workflow file for this run

.github/workflows/verify-spdx.yaml at be0531e
name: Validate SPDX Conformance
on:
pull_request:
branches: ['main']
jobs:
check-spdx:
name: Check SPDX SBOMs
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v3.3.0
with:
go-version: '1.20'
check-latest: true
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- run: |
go run ./cmd/bom/main.go generate -i registry.k8s.io/pause > example-image-pause.spdx
go run ./cmd/bom/main.go generate --format=json -i registry.k8s.io/pause > example-image-pause.spdx.json
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
spdx-tools-version: 1.1.0
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
download: false
spdx-tools-version: 1.1.0
sbom-path: example-image-pause.spdx
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
download: false
spdx-tools-version: 1.1.0
sbom-path: example-image-pause.spdx.json
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.0
if: ${{ always() }}
with:
name: Example SBOMs
path: |
example-image-pause.spdx
example-image-pause.spdx.json