From fa62a74dab6501f7eecaea963b07db73aac07e65 Mon Sep 17 00:00:00 2001
From: Andre Vieira
Date: Mon, 25 Mar 2024 12:00:04 +0000
Subject: [PATCH] fix(actions): static analysis on pre
---
 .github/workflows/prereleased.yml | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/prereleased.yml b/.github/workflows/prereleased.yml
index 3a977c7..59a4e78 100644
--- a/.github/workflows/prereleased.yml
+++ b/.github/workflows/prereleased.yml
@@ -21,7 +21,7 @@ env:
 permissions:
 id-token: write
- contents: read
+ contents: write
 packages: write
@@ -211,3 +211,31 @@ jobs:
 git add ${{ env.COMPONENT }}
 git commit -a -m "chore(bump): [CI] [DEV] bump ${{ env.COMPONENT }} to $VERSION"
 git push origin master
+
+
+ static-analysis:
+ name: Static Analysis
+ runs-on:
+ #- self-hosted
+ #- large
+ - ubuntu-22.04
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Create SBOM
+ uses: anchore/sbom-action@v0
+ with:
+ upload-artifact-retention: 1
+ format: cyclonedx-json
+ output-file: package-sbom.cyclonedx.json
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_S3_SBOMS_ROLE_ARN }}
+ aws-region: ${{ env.AWS_S3_REGION }}
+
+ - name: Copy SBOM to S3
+ run: |
+ aws s3 cp package-sbom.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/package-sbom.cyclonedx.json
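Review bot: Raising `contents` to `write` in the top-level `permissions:` block widens the token for every job in the workflow, including the `static-analysis` job added in the second hunk, which runs third-party actions. The diff does not show which step needs the write scope, so this is inferred; if only one job needs it, keep `contents: read` here and grant the scope on that job with a job-level `permissions:` block. A job-level block replaces the workflow-level one for that job, so it must also list `id-token: write` wherever an AWS role is assumed. A comment beside the line, e.g. `# write: needed by <job> for <reason>`, would record why the scope was widened.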
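Review bot: Both third-party actions in the new `static-analysis` job are referenced by mutable tags (`anchore/sbom-action@v0`, `aws-actions/configure-aws-credentials@v4`) while the job inherits the workflow-level `id-token: write`, `packages: write` and now `contents: write`, so whatever those tags resolve to at run time executes with a write-capable token and can request the OIDC role. Pinning each to a full commit SHA, e.g. `uses: anchore/sbom-action@<full-commit-sha>  # v0`, removes that dependency on tag integrity. In the last step `${{ github.event.repository.name }}` is expanded into the script text before the shell runs; passing it through `env:` as `REPO_NAME: ${{ github.event.repository.name }}` and quoting `"$REPO_NAME"` in the `aws s3 cp` destination keeps it as data. The S3 key carries no version or tag, so each run appears to overwrite the previous SBOM unless the bucket is versioned.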