makes output file available to calling workflow

Author: ezebunandu

actions/socket-export-sbom/README.md

@@ -49,16 +49,17 @@ jobs:
           export_env: false
 
       - name: Export SBOM from Socket
-        uses: ./socket-sbom
+        id: export-sbom
+        uses: grafana/shared-workflows/actions/socket-export-sbom@socket-export-sbom/v0.1.0
         with:
           socket_api_token: ${{ fromJSON(steps.vault-secrets.outputs.secrets).SOCKET_API_TOKEN }}
           output_file: ${{ inputs.output_file }}
 
       - name: Upload SBOM artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: "sbom"
-          path: socket-sbom/${{ inputs.output_file }}
+          path: ${{ steps.export-sbom.outputs.path }}
           retention-days: 30
 ```
 

actions/socket-export-sbom/action.yml

@@ -17,6 +17,11 @@ inputs:
     description: "Name of the file to save the sbom"
     required: false
 
+outputs:
+  path:
+    description: "Path to the exported sbom file"
+    value: ${{ steps.export-sbom.outputs.path }}
+
 runs:
   using: "composite"
   steps:
@@ -33,6 +38,7 @@ runs:
         echo "name=$REPO_NAME" >> $GITHUB_OUTPUT
 
     - name: Export SPDX SBOM from Socket.dev
+      id: export-sbom
       shell: bash
       env:
         SOCKET_API_TOKEN: ${{ inputs.socket_api_token }}
@@ -47,4 +53,4 @@ runs:
           OUTPUT_FILE=$(basename "$OUTPUT_FILE")
         fi
         go run main.go $REPO_NAME $OUTPUT_FILE
-        echo "ACTION_PATH/$OUTPUT_FILE" >> $GITHUB_OUTPUT
+        echo "path=ACTION_PATH/$OUTPUT_FILE" >> $GITHUB_OUTPUT