Add anchore/sbom-action

nginxinc · Dec 27, 2023 · 1f8f53e · 1f8f53e
1 parent 7cc898e
commit 1f8f53e
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/.github/workflows/build-and-sign-image.yml b/.github/workflows/build-and-sign-image.yml
@@ -8,6 +8,9 @@ on:
       - closed
     branches:
       - "main"
+  push:
+    branches:
+      - "iss-20-add-sbom"
 
 env:
   REGISTRY: ghcr.io
@@ -27,6 +30,12 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - uses: anchore/sbom-action@v0
+        with:
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          registry-username: ${{ github.actor }}
+          registry-password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Install cosign
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.0.2
         with: