Skip to content

Merge pull request #5110 from twz123/use-secret-types #611

Merge pull request #5110 from twz123/use-secret-types

Merge pull request #5110 from twz123/use-secret-types #611

Workflow file for this run

name: SBOM upload
on:
workflow_dispatch:
push:
branches:
- main
env:
MAKEFLAGS: -j
jobs:
sbom-upload:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- name: Generate SBOM
env:
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: |
make bindata
mkdir -p sbom && chmod 777 sbom
echo $COSIGN_KEY | base64 -d > cosign.key
make sign-sbom
- uses: actions/upload-artifact@v4
with:
name: sbom
path: sbom/
- name: SBOM upload
uses: advanced-security/[email protected]
with:
filePath: sbom/spdx.json