CI(workflows): Create submit-sbom.yml

kruplm · Dec 11, 2024 · d5c20fd · d5c20fd
1 parent f7d1841
commit d5c20fd
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/.github/workflows/submit-sbom.yml b/.github/workflows/submit-sbom.yml
@@ -0,0 +1,30 @@
+name: SBOM upload
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+
+jobs:
+  SBOM-upload:
+
+    runs-on: windows-latest
+    permissions:
+      id-token: write
+      contents: write
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Generate SBOM
+      # generation command documentation: https://github.com/microsoft/sbom-tool#sbom-generation
+      run: |
+        Invoke-WebRequest -Uri "https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-win-x64.exe" -OutFile "sbom-tool.exe"
+        $RUNNER_TEMP/sbom-tool generate -b . -bc . -pn $ -pv 1.0.0 -ps OwnerName -nsb https://sbom.test.com -V Verbose
+    - uses: actions/upload-artifact@v4
+      with:
+        name: sbom
+        path: _manifest/spdx_2.2
+    - name: SBOM upload
+      uses: advanced-security/spdx-dependency-submission-action@5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e
+      with:
+        filePath: "_manifest/spdx_2.2/"