
Commit 6c8ba9a

feat(.github): Generate Chainloop CLI SBOM (#1329)
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
1 parent 62213c8 commit 6c8ba9a

2 files changed

Lines changed: 14 additions & 0 deletions


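--- a/.github/workflows/build_and_package.yaml
+++ b/.github/workflows/build_and_package.yaml
@@ -26,6 +26,7 @@ jobs:
 CHAINLOOP_TOKEN: ${{ secrets.CHAINLOOP_TOKEN }}
 CONTAINER_IMAGE_CP: ghcr.io/chainloop-dev/chainloop/control-plane:${{ github.ref_name }}
 CONTAINER_IMAGE_CAS: ghcr.io/chainloop-dev/chainloop/artifact-cas:${{ github.ref_name }}
+CONTAINER_IMAGE_CLI: ghcr.io/chainloop-dev/chainloop/cli:${{ github.ref_name }}
 GH_TOKEN: ${{ github.token }}
 CHAINLOOP_WORKFLOW_NAME: "chainloop-vault-build-and-package"
 steps:
@@ -95,6 +96,13 @@ jobs:
 artifact-name: cas.cyclonedx.json
 output-file: /tmp/sbom.cas.cyclonedx.json
 
+- uses: anchore/sbom-action@c6aed38a4323b393d05372c58a74c39ae8386d02 # v0.15.6
+with:
+image: ${{ env.CONTAINER_IMAGE_CLI }}
+format: cyclonedx-json
+artifact-name: cli.cyclonedx.json
+output-file: /tmp/sbom.cli.cyclonedx.json
+
 - name: Add Attestation from Goreleaser Output
 run: |
 jq -r . <<< '${{ steps.release.outputs.artifacts }}' > /tmp/artifacts.json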
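Review bot: The new SBOM step scans `${{ env.CONTAINER_IMAGE_CLI }}`, which resolves to a tag (`cli:${{ github.ref_name }}`), so the SBOM describes whatever that tag points at when the step runs rather than a fixed image. If the build step exposes the pushed digest (not visible in this hunk), referencing the image by digest, e.g. `image: ghcr.io/chainloop-dev/chainloop/cli@<digest-from-build-step>`, would bind the SBOM and its later attestation to one immutable artifact. The same applies to the existing `CONTAINER_IMAGE_CP` and `CONTAINER_IMAGE_CAS` entries. The added step also has no `name:`, unlike the step that follows it; `- name: Generate CLI SBOM` would make the job log easier to audit.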

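--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -43,6 +43,12 @@ jobs:
 tag=$(echo -n ${{github.ref}} | cut -d / -f3)
 gh release download $tag -D /tmp/github-release
 for entry in $(ls /tmp/github-release); do
+# If the name is cas.cyclonedx.json, controlplane.cyclonedx.json or cli.cyclonedx.json, we need to add the attestation with the correct name
+if [[ $entry =~ ^(cas|controlplane|cli)\.cyclonedx\.json$ ]]; then
+name=$(echo -n "${entry%.json}" | sed 's/\./-/g')
+chainloop attestation add --value "/tmp/github-release/$entry" --name "$name"
+continue
+fi
 chainloop attestation add --value "/tmp/github-release/$entry"
 done
 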
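Review bot: The `--name` values produced in the added branch (`cas-cyclonedx`, `controlplane-cyclonedx`, `cli-cyclonedx`) are derived by string rewriting and presumably have to match material names declared in the Chainloop workflow contract, which this commit does not show. A comment next to the regex listing the expected material names, for example `# must match contract materials: cas-cyclonedx, controlplane-cyclonedx, cli-cyclonedx`, would make a mismatch easier to spot in review. The derivation can also drop the `echo | sed` subshell in favour of bash parameter expansion: `name="${entry%.json}"; name="${name//./-}"`. The enclosing `run:` block and the `for entry in $(ls …)` loop start outside the hunk.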
