Add anchore/sbom-action

nginxinc · Dec 27, 2023 · aeceaf7 · aeceaf7
1 parent 7cc898e
commit aeceaf7
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/.github/workflows/build-and-sign-image.yml b/.github/workflows/build-and-sign-image.yml
@@ -8,14 +8,17 @@ on:
       - closed
     branches:
       - "main"
+  push:
+    branches:
+      - "iss-20-add-sbom"
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   build_and_sign_image:
-    if: ${{ github.event.pull_request.merged }}
+#    if: ${{ github.event.pull_request.merged }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -27,6 +30,12 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - uses: anchore/sbom-action@v0
+        with:
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          registry-username: ${{ github.actor }}
+          registry-password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Install cosign
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.0.2
         with: