Include SBOM as release asset #564

	name: Build image from pull request

	on:
	pull_request:
	branches:
	- master

	env:
	GCS_BUCKET: images.metal-pod.io
	SBOM_NAME: sbom.json

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@master
	- uses: google-github-actions/setup-gcloud@v0
	with:
	service_account_email: ${{ secrets.GCP_SA_EMAIL }}
	service_account_key: ${{ secrets.GCP_SA_KEY }}
	- name: Build image
	run: make metal-hammer-initrd.img.lz4
	- name: Generate SBOM
	uses: anchore/sbom-action@v0
	with:
	format: spdx-json
	artifact-name: ${{ env.SBOM_NAME }}
	output-file: ${{ env.SBOM_NAME }}
	- name: Prepare image upload
	run: \|
	export PULL_REQUEST_NUMBER=$(echo "$GITHUB_REF" \| awk -F / '{print $3}')
	mkdir -p images/metal-hammer/pull-requests/${PULL_REQUEST_NUMBER}-${GITHUB_HEAD_REF##*/}
	mv metal-hammer-initrd.img.lz4* ${{ env.SBOM_NAME }} \
	images/metal-hammer/pull-requests/${PULL_REQUEST_NUMBER}-${GITHUB_HEAD_REF##*/}/
	- name: Upload image tarballs to GCS
	run: gsutil -m cp -r -p images/metal-hammer gs://$GCS_BUCKET

Provide feedback