Skip to content

SBOM generation (matrix) #193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: feature/sbom-generation
Choose a base branch
from
Open

SBOM generation (matrix) #193

wants to merge 6 commits into from

Conversation

@printminion-co
Copy link

@printminion-co printminion-co commented Jul 17, 2025
edited
Loading

Summary

re-architected the SBOM generation process

Improvements:

  • Parallel Execution: The new workflow uses a GitHub Actions matrix to generate SBOMs for all components in parallel,
  • Centralized Configuration: Component definitions are now managed in a single setup-matrix job, making it easier to add, remove, or modify components without duplicating workflow steps.
  • Enhanced Readability: By eliminating repetitive steps, the new workflow is more concise and easier to understand.
  • Dynamic Versioning: A new get-version job automatically extracts the project version from version.php and the commit SHA, ensuring consistent and accurate versioning for all SBOMs.
  • Simplified SBOM Merging: For components with both PHP and NPM dependencies, a combined SBOM is generated directly within the generate-sbom job, removing the need for a separate merge-sboms job.
  • Improved Upload Process: The upload-sboms job is now more robust, with clearer logging and a more dynamic approach to handling different types of SBOM files (combined, composer-only, or npm-only).

Checklist

@printminion-co printminion-co force-pushed the mk/tl/feature/sbom-generation branch 9 times, most recently from c6897f1 to 1926853 Compare July 18, 2025 12:33
@printminion-co printminion-co changed the title Mk/tl/feature/SBOM generation SBOM generation (matrix) Jul 18, 2025
@printminion-co
IONOS: Update package-lock. Fix @volar version satisfaction
4dcccc7 
npm error Invalid: lock file's @volar/language-core@2.4.19 does not satisfy @volar/language-core@2.4.20
npm error Invalid: lock file's @volar/source-map@2.4.19 does not satisfy @volar/source-map@2.4.20

Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co printminion-co force-pushed the mk/tl/feature/sbom-generation branch 8 times, most recently from 57747f2 to 6aad0dc Compare July 18, 2025 18:15
@printminion-co
IONOS(nc-ionos-theme): submodule update to ccccc43
520db2a 
Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co printminion-co force-pushed the mk/tl/feature/sbom-generation branch 6 times, most recently from 949abda to 1de9b91 Compare July 21, 2025 14:43
@printminion-co
IONOS(sbom-matrix): add SBOM generation workflow
4d60e7e 
Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co
IONOS(sbom-matrix): add SBOM generation as child of a parent project
1d1438d 
in order to reflect version of component and to set it as latest

Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co printminion-co force-pushed the mk/tl/feature/sbom-generation branch from 1de9b91 to 0e4dd16 Compare July 21, 2025 15:03
@printminion-co
IONOS(sbom-matrix): add SBOM tags
98656bd 
Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co
DROP
45cf5a8 
Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co printminion-co force-pushed the mk/tl/feature/sbom-generation branch from 0e4dd16 to 45cf5a8 Compare July 21, 2025 15:32
@printminion-co printminion-co mentioned this pull request Jul 21, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@printminion-co