|
| 1 | +name: Generate SBOM Document for binary |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + inputs: |
| 6 | + packageVersion: |
| 7 | + description: 'Agent version' |
| 8 | + type: string |
| 9 | + required: true |
| 10 | + runId: |
| 11 | + description: 'Run ID of the workflow that built the artifacts' |
| 12 | + type: string |
| 13 | + required: true |
| 14 | + |
| 15 | +permissions: |
| 16 | + contents: read |
| 17 | + |
| 18 | +jobs: |
| 19 | + generate-sbom: |
| 20 | + name: Create SBOM Document |
| 21 | + runs-on: ubuntu-22.04 |
| 22 | + if: ${{ !github.event.pull_request.head.repo.fork }} |
| 23 | + permissions: |
| 24 | + id-token: write # for OIDC authentication |
| 25 | + contents: read # Needed to download artifacts |
| 26 | + strategy: |
| 27 | + matrix: |
| 28 | + osarch: [amd64, arm64] |
| 29 | + steps: |
| 30 | + - name: Checkout Repository |
| 31 | + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 |
| 32 | + |
| 33 | + - name: Download nginx-agent binary artifacts |
| 34 | + if: ${{ inputs.runId != '' }} |
| 35 | + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # 7.0.0 |
| 36 | + with: |
| 37 | + name: nginx-agent-binaries-${{ inputs.packageVersion }}-${{ matrix.osarch }} |
| 38 | + path: binaries |
| 39 | + run-id: ${{ inputs.runId }} |
| 40 | + github-token: ${{ github.token }} |
| 41 | + |
| 42 | + - name: Generate SBOM from binary |
| 43 | + uses: nginxinc/compliance-rules/.github/actions/sbom@main |
| 44 | + with: |
| 45 | + binary-name: binaries/nginx_agent_${{ inputs.packageVersion }}_${{ matrix.osarch }} |
| 46 | + product-name: nginx-agent |
| 47 | + release-version: ${{ inputs.packageVersion }} |
| 48 | + artifactory-user: ${{ env.artifactory-user }} |
| 49 | + artifactory-token: ${{ env.artifactory-token }} |
| 50 | + az-vault-client-id: ${{ env.az_vault_sec_client_id }} |
| 51 | + az-vault-tenant-id: ${{ env.az_vault_sec_tenant_id }} |
| 52 | + az-vault-subscription-id: ${{ env.az_vault_sec_subscription_id }} |
0 commit comments