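---
# Generates a CycloneDX SBOM for this npm project and uploads it to a
# Dependency-Track server on every push to main, or on demand.
name: Software bill of materials (BOM)

# yamllint disable-line rule:truthy -- `on` is the GitHub Actions trigger key
on:
  push:
    branches: [main]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the only thing it is used for here is
# checking out the repository. The Dependency-Track upload authenticates with
# its own API key, not with GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  bom:
    runs-on: ubuntu-latest
    steps:
      # Actions are referenced by mutable major-version tags; pinning each
      # `uses:` to a full commit SHA would make the build reproducible and
      # resistant to a compromised tag.
      - name: Checkout 🛎️
        uses: actions/checkout@v4

      # Expose the Node version pinned in .nvmrc as a step output so the
      # setup-node step uses the same version the repository declares.
      - name: Read .nvmrc
        id: nvm
        run: echo "NODE_VERSION=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"

      - name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }}
        uses: actions/setup-node@v4
        with:
          node-version: "${{ steps.nvm.outputs.NODE_VERSION }}"
          cache: "npm"

      # --no-save keeps the SBOM tool itself out of package.json and the lockfile.
      - name: Install @cyclonedx/cyclonedx-npm
        run: npm install @cyclonedx/cyclonedx-npm --no-save

      - name: Generate BOM
        run: npm exec -- cyclonedx-npm --output-format XML --output-file bom.xml

      - name: Push BOM to Dependency Track
        env:
          PROJECT_NAME: puzzle-shell
          # The server URL and API key are passed through the environment
          # instead of being interpolated with ${{ }} into the shell script:
          # the values never become part of the script text, so a value that
          # contains quotes or shell metacharacters cannot alter the command.
          DEPENDENCY_TRACK_URL: "${{ vars.DEPENDENCY_TRACK_URL }}"
          DEPENDENCY_TRACK_API_KEY: "${{ secrets.DEPENDENCY_TRACK_API_KEY }}"
        # --fail turns an HTTP 4xx/5xx into a non-zero exit so a rejected
        # upload fails the job instead of leaving it green. --silent with
        # --show-error keeps request headers (including X-Api-Key) out of the
        # job log; the previous --verbose printed them. --location is kept for
        # compatibility, but curl may forward custom headers such as X-Api-Key
        # when following a redirect, so DEPENDENCY_TRACK_URL should be the
        # final https endpoint rather than one that redirects.
        run: |
          curl --silent --show-error --fail --location --request POST "${DEPENDENCY_TRACK_URL}/api/v1/bom" \
            --header "X-Api-Key: ${DEPENDENCY_TRACK_API_KEY}" \
            --header "Content-Type: multipart/form-data" \
            --form "autoCreate=true" \
            --form "projectName=${PROJECT_NAME}" \
            --form "projectVersion=latest" \
            --form "bom=@bom.xml"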