fix(ci): prevent SBOM artifact name collision in releases #353
Workflow file for this run
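# Release pipeline, triggered by pushing a tag that matches v*.
# It builds and pushes the container images, generates CycloneDX SBOMs for
# each image (and for each matrix project's source tree), attaches the image
# SBOM to the pushed image with cosign, and collects every SBOM into a draft
# GitHub release.
#
# NOTE(review): every `uses:` reference below is a mutable tag, and these jobs
# hold registry credentials and a GitHub App private key. Pinning each action
# to a full commit SHA (placeholder form: `owner/action@<full-commit-sha>`,
# with the tag kept as a trailing comment) stops a moved tag from changing
# what runs with those secrets.
name: docker-publish

on:
  push:
    tags:
      - v*

# NOTE(review): these scopes are granted to every job. Of the steps visible
# here, only release-sboms clearly writes to the repository (the draft
# release), and no step visibly uses `packages` or the OIDC token. Consider
# declaring permissions per job; confirm what each action really needs before
# narrowing them.
permissions:
  contents: write
  packages: write
  id-token: write

jobs:
  build:
    name: Build and publish '${{ matrix.project }}' to Docker Registry
    strategy:
      fail-fast: true
      matrix:
        project: [api, ssh, gateway, ui, ui-react, cli]
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout source code
        uses: actions/checkout@v6

      # The tag name is read from the runner-provided GITHUB_REF_NAME variable
      # rather than interpolated into the script as an expression. Expressions
      # are substituted into the script text before the shell starts, so a tag
      # name containing shell syntax would otherwise be executed.
      - name: Get release version
        id: get_version
        run: echo "RELEASE_VERSION=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"

      - name: Login to Docker Hub
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and publish '${{ matrix.project }}' to Docker Registry
        uses: docker/build-push-action@v7
        with:
          tags: shellhubio/${{ matrix.project }}:latest,shellhubio/${{ matrix.project }}:${{ env.RELEASE_VERSION }}
          push: true
          file: ${{ matrix.project }}/Dockerfile

      # NOTE(review): the SBOM steps and the cosign step address the image by
      # tag, which is mutable. Referencing the digest reported by the build
      # step would tie the SBOM to the exact image that was just pushed.
      - name: Generate SBOM for '${{ matrix.project }}' image
        uses: anchore/sbom-action@v0
        with:
          image: shellhubio/${{ matrix.project }}:${{ env.RELEASE_VERSION }}
          format: cyclonedx-json
          output-file: sbom-${{ matrix.project }}-${{ env.RELEASE_VERSION }}.cdx.json
          upload-artifact: false

      - name: Generate SBOM for '${{ matrix.project }}' source
        uses: anchore/sbom-action@v0
        with:
          path: ${{ matrix.project }}
          format: cyclonedx-json
          output-file: sbom-${{ matrix.project }}-source-${{ env.RELEASE_VERSION }}.cdx.json
          upload-artifact: false

      # One artifact per matrix project, so parallel matrix legs never upload
      # under the same artifact name.
      - name: Upload SBOM artifacts
        uses: actions/upload-artifact@v7
        with:
          name: sbom-${{ matrix.project }}
          path: sbom-${{ matrix.project }}-*.cdx.json

      - name: Install cosign
        uses: sigstore/cosign-installer@v3

      # NOTE(review): `cosign attach sbom` uploads the SBOM without signing it
      # and is deprecated in cosign 2.x. Anyone who can push to this registry
      # repository can replace the attachment, so consumers cannot verify it.
      # A signed attestation (`cosign attest --type cyclonedx --predicate
      # <sbom-file> <image>@<digest>`) gives a verifiable link to the image.
      #
      # Values reach the script as environment variables, not as interpolated
      # expressions, so they are expanded by the shell as quoted data.
      # RELEASE_VERSION comes from the "Get release version" step.
      - name: Attach SBOM to '${{ matrix.project }}' image
        env:
          PROJECT: ${{ matrix.project }}
        run: |
          cosign attach sbom \
            --sbom "sbom-${PROJECT}-${RELEASE_VERSION}.cdx.json" \
            --type cyclonedx \
            "shellhubio/${PROJECT}:${RELEASE_VERSION}"

  publish-enterprise:
    name: Build and publish 'api-enterprise' to Docker Registry
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout shellhub source
        uses: actions/checkout@v6
        with:
          path: shellhub

      # Mints a GitHub App installation token limited to the
      # shellhub-io/cloud repository, used only for the checkout below.
      - name: Generate cloud repo token
        id: cloud-token
        uses: actions/create-github-app-token@v3
        with:
          app-id: ${{ secrets.CLOUD_DISPATCH_APP_ID }}
          private-key: ${{ secrets.CLOUD_DISPATCH_APP_PRIVATE_KEY }}
          owner: shellhub-io
          repositories: cloud

      # Checks out the same tag name in the cloud repository, so both source
      # trees come from the release tag that triggered this run.
      - name: Checkout cloud source
        uses: actions/checkout@v6
        with:
          repository: shellhub-io/cloud
          token: ${{ steps.cloud-token.outputs.token }}
          ref: ${{ github.ref_name }}
          path: cloud

      # Read the tag from GITHUB_REF_NAME instead of interpolating it into the
      # script text, so the tag name is never parsed as shell syntax.
      - name: Get release version
        run: echo "RELEASE_VERSION=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"

      - name: Login to Docker Registry
        uses: docker/login-action@v4
        with:
          registry: registry.infra.ossystems.io
          username: ${{ secrets.PORTUS_USERNAME }}
          password: ${{ secrets.PORTUS_TOKEN }}

      - name: Build and publish 'api-enterprise' to Docker Registry
        uses: docker/build-push-action@v7
        with:
          tags: registry.infra.ossystems.io/shellhub/api-enterprise:latest,registry.infra.ossystems.io/shellhub/api-enterprise:${{ env.RELEASE_VERSION }}
          push: true
          context: shellhub
          file: shellhub/api/Dockerfile
          build-args: EDITION=enterprise
          build-contexts: cloud-src=./cloud

      # NOTE(review): this SBOM describes an image built from the private
      # cloud sources, yet release-sboms attaches it to the release of this
      # repository. Confirm that publishing its component list is intended.
      - name: Generate SBOM for api-enterprise image
        uses: anchore/sbom-action@v0
        with:
          image: registry.infra.ossystems.io/shellhub/api-enterprise:${{ env.RELEASE_VERSION }}
          format: cyclonedx-json
          output-file: sbom-api-enterprise-${{ env.RELEASE_VERSION }}.cdx.json
          upload-artifact: false

      - name: Upload SBOM artifact
        uses: actions/upload-artifact@v7
        with:
          name: sbom-api-enterprise
          path: sbom-api-enterprise-*.cdx.json

      - name: Install cosign
        uses: sigstore/cosign-installer@v3

      # NOTE(review): same caveat as the build job. The attached SBOM is
      # unsigned, addressed by a mutable tag, and `cosign attach sbom` is
      # deprecated in cosign 2.x; a signed attestation against the digest is
      # the verifiable alternative.
      - name: Attach SBOM to api-enterprise image
        run: |
          cosign attach sbom \
            --sbom "sbom-api-enterprise-${RELEASE_VERSION}.cdx.json" \
            --type cyclonedx \
            "registry.infra.ossystems.io/shellhub/api-enterprise:${RELEASE_VERSION}"

  release-sboms:
    name: Attach SBOMs to GitHub Release
    needs: [build, publish-enterprise]
    runs-on: ubuntu-24.04
    steps:
      # merge-multiple flattens every sbom-* artifact into one directory. The
      # file names embed the project and version, so they do not overwrite
      # each other.
      - name: Download all SBOM artifacts
        uses: actions/download-artifact@v8
        with:
          pattern: sbom-*
          merge-multiple: true

      # draft: true keeps the release unpublished until someone reviews it.
      - name: Attach SBOMs to release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref_name }}
          draft: true
          files: sbom-*.cdx.json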