Bump the npm_and_yarn group across 2 directories with 10 updates #38

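# Generates an SBOM (bom.json) for the frontend SPA and uploads it to the
# Dependency-Track server named in the last step.
name: Dependency Track for frontend
on:
  push:
    paths:
      - frontend/**
      - .github/workflows/frontend-dependency-track.yaml
    branches: ["**"]
    tags:
      - 'spa-*.*.*'
  pull_request:
    paths:
      - frontend/**
      - .github/workflows/frontend-dependency-track.yaml
    branches:
      - main

# Least privilege: the job only reads the repository, so the GITHUB_TOKEN that
# is handed to a third-party action below is read-only.
# NOTE(review): confirm the version-check action needs nothing beyond this.
permissions:
  contents: read

jobs:
  build:
    # Skip Dependabot runs. On pull_request events github.ref is
    # refs/pull/<n>/merge, so the refs/heads check only matches push events;
    # github.head_ref (empty on push) covers the pull-request case.
    # Repository secrets are not provided to Dependabot-triggered runs or to
    # pull requests from forks, so the upload step would run without an API key.
    if: ${{ !startsWith(github.ref, 'refs/heads/dependabot') && !startsWith(github.head_ref, 'dependabot') }}
    runs-on: ubuntu-latest
    strategy:
      matrix:
        baseDirectory: ["frontend/spa"]
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags.
      # Pinning each to a full commit SHA keeps a retagged release from changing
      # what runs in the same job as the secrets used below.
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          # Do not leave the token in .git/config: the install and sbom steps
          # execute code from the dependency tree and from the pushed branch.
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '18'
      # NOTE(review): installs whichever pnpm release is current at run time;
      # pin a version for reproducible, reviewable builds.
      - name: Install PNPM
        run: npm install -g pnpm
      # Dependency lifecycle scripts run in this step; no secret is passed to it.
      - name: Install dependencies
        run: pnpm install
        working-directory: ${{ matrix.baseDirectory }}
      # Presumably a package.json script that writes bom.json into the base
      # directory (the upload step reads it from there) - confirm.
      - name: Create sBom
        run: pnpm sbom
        working-directory: ${{ matrix.baseDirectory }}
      - name: Get current project version
        # The text around "@" was replaced by "[email protected]" on the page;
        # the version is not shown, so restore the project's own ref here.
        uses: avides/actions-project-version-check@<VERSION_NOT_SHOWN>
        id: project_version
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          file-to-check: "${{ matrix.baseDirectory }}/package.json"
          only-return-version: true
      # Upload the SBOM to Dependency-Track
      - name: Upload BOM to Dependency-Track
        # Same extraction damage as above: the version after "@" is not shown.
        uses: DependencyTrack/gh-upload-sbom@<VERSION_NOT_SHOWN>
        with:
          # The key is passed only to this step. With autoCreate enabled it must
          # be able to create projects, so scope it to upload/create permissions.
          apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
          serverHostname: "dtrack.hopps.cloud"
          bomFilename: "${{ matrix.baseDirectory }}/bom.json"
          projectName: "${{ matrix.baseDirectory }}"
          projectVersion: "${{ steps.project_version.outputs.version }}"
          autoCreate: true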