Merge branch 'improvement/upload_to_dependencytrack' into tmp/octopus/w/132.0/improvement/upload_to_dependencytrack

bert-e · bert-e · commit 4d24864b8cf0 · 2025-11-12T17:59:33.000Z
diff --git a/.github/workflows/generate-sbom.yaml b/.github/workflows/generate-sbom.yaml
@@ -83,7 +83,7 @@ jobs:
           echo "METALK8S_VERSION=$VERSION" >> $GITHUB_ENV
 
       - name: Generate sbom for extracted ISO
-        uses: scality/sbom@v2.1.0
+        uses: scality/sbom@v2
         with:
           target: ${{ env.BASE_PATH }}/iso/metalk8s.iso
           target_type: iso
@@ -94,6 +94,15 @@ jobs:
           merge: true
           merge_hierarchical: true
 
+      - name: Upload sbom to Dependency-Track
+        uses: scality/sbom-upload@v1
+        with:
+          url: ${{ vars.DEPENDENCY_TRACK_HOSTNAME }}
+          api-key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+          hierarchy-input-dir: ${{ env.SBOM_PATH }}
+          generate-hierarchy: true
+          hierarchy-upload: true
+
       - name: Generate archive
         shell: bash
         run: |
