1313
1414env :
1515 RELEASE_TAG : ${{ inputs.tag || github.ref_name }}
16+ SNYK_VERSION : " 1.1297.2"
17+ CYCLONEDX_VERSION : " v0.27.2"
1618
1719jobs :
1820 test :
@@ -57,14 +59,14 @@ jobs:
5759 name : Mattermost-unsigned.ipa
5860
5961 - name : ci/install-snyk
60- run : npm install -g snyk@1.1296.1
62+ run : npm install -g snyk@${{ env.SNYK_VERSION }}
6163
6264 - name : ci/generate-ios-sbom
6365 env :
6466 SNYK_TOKEN : " ${{ secrets.SNYK_TOKEN }}"
6567 run : |
66- cd ios/
6768 snyk sbom --format=cyclonedx1.6+json --json-file-output=../sbom-ios.json --all-projects
69+ working-directory : ./ios
6870 shell : bash
6971
7072 - name : ci/upload-ios-sbom
@@ -100,14 +102,14 @@ jobs:
100102 name : Mattermost-unsigned.apk
101103
102104 - name : ci/install-snyk
103- run : npm install -g snyk@1.1296.1
105+ run : npm install -g snyk@${{ env.SNYK_VERSION }}
104106
105107 - name : ci/generate-android-sbom
106108 env :
107109 SNYK_TOKEN : " ${{ secrets.SNYK_TOKEN }}"
108110 run : |
109- cd android/
110- snyk sbom --format=cyclonedx1.6+json --all-projects --json-file-output=../sbom- android.json
111+ snyk sbom --format=cyclonedx1.6+json --all-projects --json-file-output=sbom- android.json
112+ working-directory : ./ android
111113 shell : bash
112114
113115 - name : ci/upload-android-sbom
@@ -128,26 +130,54 @@ jobs:
128130 - name : ci/download-sboms
129131 uses : actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47c8a # v4.2.1
130132 with :
133+ pattern : sbom-*.json
131134 path : ${{ github.workspace }}
132- pattern : |
133- sbom-ios.json
134- sbom-android.json
135135 merge-multiple : true
136136
137137 - name : ci/install-snyk
138- run : npm install -g snyk@1.1296.1
138+ run : npm install -g snyk@${{ env.SNYK_VERSION }}
139139
140140 - name : ci/setup-cyclonedx-cli
141141 run : |
142- curl -sSfL https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.27.2/cyclonedx-linux-x64 -o cyclonedx
142+ set -e
143+ CYCLONEDX_BINARY="cyclonedx-linux-x64"
144+ CYCLONEDX_URL="https://github.com/CycloneDX/cyclonedx-cli/releases/download/${{ env.CYCLONEDX_VERSION }}/${CYCLONEDX_BINARY}"
145+
146+ # Download with better error handling and retry
147+ echo "Downloading CycloneDX CLI ${{ env.CYCLONEDX_VERSION }}..."
148+ curl -sSfL --retry 3 --retry-delay 5 "${CYCLONEDX_URL}" -o cyclonedx
149+
150+ # Verify the binary is executable and not corrupted
151+ if [ ! -s cyclonedx ]; then
152+ echo "Error: Downloaded file is empty or corrupted"
153+ exit 1
154+ fi
155+
156+ # Make executable and move to PATH
143157 chmod +x cyclonedx
144158 sudo mv cyclonedx /usr/local/bin/
145159
160+ # Verify installation
161+ cyclonedx --version
162+
146163 - name : ci/generate-consolidated-sbom
147164 env :
148165 SNYK_TOKEN : " ${{ secrets.SNYK_TOKEN }}"
149166 SBOM_FILENAME : " sbom-${{ github.event.repository.name }}-${{ env.RELEASE_TAG }}.json"
150167 run : |
168+ # Check if required SBOM files are available
169+ if [ ! -f "sbom-android.json" ]; then
170+ echo "Error: sbom-android.json not found. Android SBOM generation may have failed."
171+ exit 1
172+ fi
173+
174+ if [ ! -f "sbom-ios.json" ]; then
175+ echo "Error: sbom-ios.json not found. iOS SBOM generation may have failed."
176+ exit 1
177+ fi
178+
179+ echo "All required SBOM files are available. Proceeding with consolidation..."
180+
151181 # Generate top-level SBOM
152182 snyk sbom --format=cyclonedx1.6+json --json-file-output=sbom-top-level.json
153183
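Review bot: The CycloneDX binary fetched at new lines 148–158 is moved into /usr/local/bin with sudo and executed without any integrity check — `[ ! -s cyclonedx ]` only proves the file is non-empty, so the comment "not corrupted" overstates what is verified, and a substituted or tampered release asset would pass unnoticed. Pin the asset's published SHA-256 next to the version, e.g. `CYCLONEDX_SHA256: "<sha256 of cyclonedx-linux-x64 for the pinned release>"` in `env:`, and replace the size check with `echo "${CYCLONEDX_SHA256}  cyclonedx" | sha256sum --check --strict` before `chmod +x`. The same gap exists for `npm install -g snyk@${{ env.SNYK_VERSION }}`, which pins a version but no integrity hash. Separately, the iOS step still writes `../sbom-ios.json` (repo root) after the `working-directory: ./ios` change, while the Android step now writes `sbom-android.json` inside `./android`; unless the Android upload step (outside this view) was updated to match, the `sbom-android.json` existence check in the consolidated job will fail. The run script of ci/generate-consolidated-sbom continues past the end of this hunk.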