Publish Flux Software Bill of Materials (SBOM) in SPDX format

- generate SBOM for Flux Go modules with Syft
- publish the SBOM SPDX JSON files to GitHub releases with GoReleaser

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
pull/2295/head
Stefan Prodan 3 years ago
parent 677dca0bc4
commit 11296cd94f
No known key found for this signature in database
GPG Key ID: 3299AEB0E4085BAF

@ -66,6 +66,10 @@ jobs:
- name: Archive the OpenAPI JSON schemas - name: Archive the OpenAPI JSON schemas
run: | run: |
tar -czvf ./output/crd-schemas.tar.gz -C schemas . tar -czvf ./output/crd-schemas.tar.gz -C schemas .
- name: Setup Syft
uses: fluxcd/pkg//actions/sbom@main
with:
version: "v0.35.1"
- name: Run GoReleaser - name: Run GoReleaser
uses: goreleaser/goreleaser-action@v1 uses: goreleaser/goreleaser-action@v1
with: with:
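Review bot: the new step pins Syft to an exact version (`version: "v0.35.1"`) but pulls the wrapper action from a moving ref (`uses: fluxcd/pkg//actions/sbom@main`), so what runs in the release job can change underneath a tagged release without any change in this repository; since the whole point of the step is to produce a trustworthy SBOM for the release artifacts, pin the action to a commit SHA (the same applies to `goreleaser/goreleaser-action@v1`, a mutable major tag). It would also help to add a comment next to the step noting that GoReleaser expects `syft` on PATH, since nothing in the hunk itself shows that dependency between the two steps.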

@ -40,6 +40,8 @@ archives:
format: zip format: zip
files: files:
- none* - none*
sboms:
- artifacts: archive
brews: brews:
- name: flux - name: flux
tap: tap:
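Review bot: the `sboms` entry covers only `artifacts: archive` and relies entirely on GoReleaser defaults for the tool, arguments and output format; the commit message promises SPDX JSON, so state `cmd`, `args` and the document name explicitly in the config rather than depending on a default that a future GoReleaser release could change. Nothing in this hunk signs the generated SBOM files, so they carry no more integrity guarantee than the archives they describe; if release signing is configured elsewhere, make sure the SBOM documents are included in the signed set, otherwise a swapped SBOM is indistinguishable from a genuine one.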
