Skip to content
Build and Release SBOM Uploader

Upgrade Trivy Action #66

Sign in to view logs

Upgrade Trivy Action

Upgrade Trivy Action #66

Workflow file for this run

.github/workflows/build.yml at 03375e7
name: Build and Release SBOM Uploader
on:
push:
branches: ['**', 'octocolby-patch-2']
# tags:
# - 'v*.*.*' # Triggers on version tags like v1.2.3
pull_request:
permissions:
contents: write
packages: write
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.24
- name: Run tests
run: go test ./...
build:
name: Build Cross-Platform Binaries
runs-on: ubuntu-latest
needs: test
# if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
goos: [linux, windows, darwin]
goarch: [amd64, arm64]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.24
- name: Build ${{ matrix.goos }}-${{ matrix.goarch }}
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
run: |
mkdir -p dist/
OUTPUT=sbom-uploader-${GOOS}-${GOARCH}
if [ "$GOOS" = "windows" ]; then
OUTPUT="${OUTPUT}.exe"
fi
go build -o dist/$OUTPUT .
- name: Upload binary
uses: actions/upload-artifact@v4
with:
name: binaries-${{ matrix.goos }}-${{ matrix.goarch }}
path: dist/
docker:
name: Build Docker Image
runs-on: ubuntu-latest
needs: build
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Log in to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract version from tag
id: vars
run: |
VERSION="0.0.0-test"
echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
echo "OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
- name: Build Docker image
run: |
docker build -t upload-sbom-go:${{ steps.vars.outputs.VERSION }} .
# - name: Tag and Push to GHCR
# run: |
# IMAGE=ghcr.io/${{ steps.vars.outputs.OWNER }}/upload-sbom-go
# docker tag upload-sbom-go:${{ steps.vars.outputs.VERSION }} $IMAGE:${{ steps.vars.outputs.VERSION }}
# docker tag upload-sbom-go:${{ steps.vars.outputs.VERSION }} $IMAGE:latest
# docker push $IMAGE:${{ steps.vars.outputs.VERSION }}
# docker push $IMAGE:latest
- name: Generate SBOM with Trivy
uses: aquasecurity/trivy-action@0.34.2
with:
format: 'cyclonedx'
scan-type: 'fs'
scan-ref: 'go.mod'
output: 'sbom.json'
- name: test
run: cat sbom.json
- name: Upload SBOM as Artifact
uses: actions/upload-artifact@v4
with:
name: sbom.json
path: sbom.json
overwrite: true
- name: Upload SBOM to Dependency Track. How meta 🤯
run: |
docker run --rm \
-e SBOM_UPLOADER_URL='${{ secrets.DTRACK_URL }}' \
-e SBOM_UPLOADER_API_KEY='${{ secrets.DTRACK_KEY }}' \
-e SBOM_UPLOADER_NAME='upload-sbom-go' \
-e SBOM_UPLOADER_VERSION='${{ steps.vars.outputs.VERSION }}' \
-e SBOM_UPLOADER_PARENT='upload-sbom-go' \
-e SBOM_UPLOADER_TAGS='upload-sbom-go' \
-v "$(pwd)/sbom.json:/tmp/sbom.json" \
upload-sbom-go:${{ steps.vars.outputs.VERSION }} \
--sbom /tmp/sbom.json \
--latest \
--poll
# release:
# name: Create GitHub Release
# runs-on: ubuntu-latest
# needs: [build, docker]
# steps:
# - name: Download all binary artifacts
# uses: actions/download-artifact@v4
# with:
# path: all-binaries/
# - name: Collect all binaries into release-assets
# run: |
# mkdir -p release-assets
# find all-binaries -type f -exec cp {} release-assets/ \;
# - name: Create GitHub Release
# uses: softprops/action-gh-release@v2
# with:
# name: "SBOM Uploader ${{ github.ref_name }}"
# tag_name: ${{ github.ref_name }}
# draft: false
# prerelease: false
# files: |
# release-assets/*
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}