Skip to content

Merge pull request #191 from eyakubovich/ey/bump-deps-2 #60

Merge pull request #191 from eyakubovich/ey/bump-deps-2

Merge pull request #191 from eyakubovich/ey/bump-deps-2 #60

Workflow file for this run

name: Generate an SBOM from source code
on:
pull_request:
push:
branches:
- 'main'
tags:
- '**'
jobs:
generate-sbom:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Generate SBOM from source code
uses: eyakubovich/sbom-action@ey/add-config-input
with:
artifact-name: sbom.spdx.json
upload-artifact: true
config: .github/edgebit/source-syft.yaml
- name: Save metadata to an artifact
run: |
cat > /tmp/metadata.json <<EOF
{
"pr-number": "${{ github.event.number }}",
"tags": "${{ github.ref == 'refs/heads/main' && 'latest' || '' }}"
}
EOF
- uses: actions/upload-artifact@v3
with:
name: metadata.json
path: /tmp/metadata.json