v0.0.16 #18
Workflow file for this run
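---
# Builds a CycloneDX SBOM from the shard manifest and lock file when a
# release is created, then attaches the SBOM to that release.
name: Generate and Upload SBOM

on:
  release:
    types: [created]

jobs:
  generate-sbom:
    runs-on: ubuntu-latest
    # Job-scoped GITHUB_TOKEN permissions. Scopes not listed here are set to
    # none; contents: write is what the release upload step needs.
    permissions:
      contents: write
    steps:
      # Checkout the repository code
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # No later step runs git, so do not leave the write-scoped token
          # in the checkout's git credentials where the third-party steps
          # below could read it.
          persist-credentials: false

      # Generate SBOM using hahwul/cyclonedx-cr action
      # NOTE(review): third-party action referenced by a mutable tag in a job
      # holding contents: write. Pin it to the full commit SHA of the
      # reviewed release and keep the tag as a trailing comment.
      - name: Generate SBOM
        uses: hahwul/cyclonedx-cr@v1.0.2
        with:
          shard_file: ./shard.yml  # Explicitly map to shard_file
          lock_file: ./shard.lock  # Explicitly map to lock_file
          output_file: ./sbom.xml  # Map to output_file
          output_format: xml  # Map to output_format
          # Quoted so the version stays a string instead of a YAML float.
          spec_version: '1.6'  # Optional, specify if needed

      # Upload SBOM to GitHub Release
      # NOTE(review): @v2 is a moving major tag on a third-party action that
      # receives the write-scoped token; pin to a full commit SHA as well.
      - name: Upload SBOM to Release
        uses: softprops/action-gh-release@v2
        with:
          files: ./sbom.xml
          token: ${{ secrets.GITHUB_TOKEN }}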