devextreme-cli/.github/workflows/sbom.yml at 99fab049857cfe76b14e9b6b582917313f85cb4d · DevExpress/devextreme-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
name: SBOM

on:
  push:
    branches:
      - sbom-dev

permissions:
  contents: read

jobs:
  sbom:
    if: ${{ github.event_name == 'push' && github.ref_type == 'branch' && github.ref_name == 'sbom-dev' }}
    runs-on: ubuntu-latest

    steps:
      - name: Get sources
        uses: actions/checkout@v4

      - name: Install pnpm
        uses: pnpm/action-setup@v6

      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.node-version'
          cache: 'pnpm'
          registry-url: 'https://registry.npmjs.org'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Test devextreme-schematics
        run: pnpm --filter devextreme-schematics run test

      - name: Build devextreme-schematics
        run: pnpm --filter devextreme-schematics run build

      - name: Pack packages
        shell: bash
        run: |
          mkdir -p artifacts

          package_cli_tgz="$(pnpm --filter devextreme-cli pack --json --pack-destination artifacts | jq -er '.filename')"
          package_schematics_tgz="$(pnpm --filter devextreme-schematics pack --json --pack-destination artifacts | jq -er '.filename')"

          echo "PACKAGE_CLI_TGZ=$package_cli_tgz" >> "$GITHUB_ENV"
          echo "PACKAGE_SCHEMATICS_TGZ=$package_schematics_tgz" >> "$GITHUB_ENV"

          sbom_packages="devextreme-cli(../../$package_cli_tgz),devextreme-schematics(../../$package_schematics_tgz)"
          echo "SBOM_PACKAGES=$sbom_packages" >> "$GITHUB_ENV"

      - name: Upload packages
        uses: actions/upload-artifact@v7
        with:
          name: packages
          path: artifacts/*.tgz
          if-no-files-found: error
          retention-days: 1

      - name: Build SBOMs
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN"
          cd tools/make-sbom && pnpm install --frozen-lockfile && pnpm run make-sbom-hashed

      - name: Upload SBOMs
        uses: actions/upload-artifact@v7
        with:
          name: sbom
          path: tools/make-sbom/dist
          if-no-files-found: error
          retention-days: 1