-
Notifications
You must be signed in to change notification settings - Fork 6
71 lines (61 loc) · 2.02 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: Release | Build Binary
on:
push:
tags:
- "v*"
workflow_dispatch:
env:
TOOL_NAME: ${{ github.repository }}
LATEST_TAG: v0.0.1
SUPPLIER_NAME: Interlynk
SUPPLIER_URL: https://interlynk.io
PYLYNK_TEMP_DIR: $RUNNER_TEMP/pylynk
SBOM_TEMP_DIR: $RUNNER_TEMP/sbom
MS_SBOM_TOOL_URL: https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
MS_SBOM_TOOL_EXCLUDE_DIRS: "**/samples/**"
jobs:
releaser:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- run: git fetch --force --tags
- uses: actions/setup-go@v3
with:
go-version: ">=1.20"
check-latest: true
cache: true
- name: Get Tag
id: get_tag
run: echo "LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo 'v0.0.1')" >> $GITHUB_ENV
- name: Goreleaser
uses: goreleaser/goreleaser-action@v4
with:
install-only: true
- run: go version
- run: goreleaser -v
- name: Download sbom-tool
run: |
curl -Lo $RUNNER_TEMP/sbom-tool ${{ env.MS_SBOM_TOOL_URL }}
chmod +x $RUNNER_TEMP/sbom-tool
- name: Releaser
run: make release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Generate SBOM
shell: bash
run: |
cd ${{ github.workspace }}
mkdir -p ${{ env.SBOM_TEMP_DIR}}
$RUNNER_TEMP/sbom-tool generate -b ${{ env.SBOM_TEMP_DIR }} -bc . -pn ${{ env.TOOL_NAME }} -pv ${{ env.LATEST_TAG }} -ps ${{ env.SUPPLIER_NAME}} -nsb ${{ env.SUPPLIER_URL }} -cd "--DirectoryExclusionList ${{ env.MS_SBOM_TOOL_EXCLUDE_DIRS }}"
ls -lR ${{ env.SBOM_TEMP_DIR }}
- name: Upload SBOM as Release Asset
uses: actions/upload-artifact@v4
with:
name: sbom
path: /home/runner/work/_temp/sbom/_manifest/spdx_2.2/manifest.spdx.json
if-no-files-found: error