use reusable workflow for upload to dependency track
netomi committed Jan 30, 2025
1 parent 01cc593 commit 937b9b9
Showing 1 changed file with 10 additions and 20 deletions.
30 changes: 10 additions & 20 deletions .github/workflows/generate-sbom.yml
@@ -50,25 +50,15 @@ jobs:
- name: Upload sbom
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: otterdog-bom.json
name: sbom
path: otterdog-bom.json

upload-sbom:
if: github.repository == 'eclipse-csi/otterdog'
runs-on: ubuntu-latest
needs: [ 'generate-sbom' ]
steps:
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: otterdog-bom.json

- uses: DependencyTrack/gh-upload-sbom@48feab3080ff9e8f51f4d21861d9fc914eb744f5 # v3.1.0
with:
serverHostname: 'sbom.eclipse.org'
apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
projectName: 'otterdog'
projectVersion: ${{ needs.generate-sbom.outputs.project-version }}
bomFilename: "otterdog-bom.json"
parentName: 'otterdog'
parentVersion: 'parent'
autoCreate: true
store-sbom-data: # stores sbom and metadata in a predefined format for otterdog to pick up
needs: ['generate-sbom']
uses: eclipse-csi/workflows/.github/workflows/store-sbom-data.yml@main
with:
projectName: 'otterdog'
projectVersion: ${{ needs.generate-sbom.outputs.project-version }}
bomArtifact: 'sbom'
bomFilename: 'otterdog-bom.json'
parentProject: 'caa07057-876a-44f9-b162-d2c0684e5dc5'
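Review bot: The new `store-sbom-data` job calls the reusable workflow at `@main`, a mutable branch ref, while the `actions/upload-artifact` step in the same file is pinned to a full commit SHA with a version comment. Any later push to that branch changes what runs in this repository's SBOM pipeline without a reviewable diff here, so the call should be pinned the same way: `uses: eclipse-csi/workflows/.github/workflows/store-sbom-data.yml@<full-commit-sha> # <ref>`. The removed `upload-sbom` job also carried `if: github.repository == 'eclipse-csi/otterdog'`, and the replacement has no such guard; unless the called workflow checks the repository itself (not visible on this page), consider keeping that `if:` on the calling job so forks do not run it. A short comment on `parentProject` saying what the UUID identifies would help the next reader.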
