generated from testifysec/demo-repo
-
Notifications
You must be signed in to change notification settings - Fork 0
56 lines (45 loc) · 1.4 KB
/
pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
name: pipeline
on:
push:
branches:
- 'main'
jobs:
build-image:
runs-on: ubuntu-latest
permissions:
packages: write
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
steps:
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}/swf
- name: Docker Login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout Code
uses: actions/checkout@v4.1.1
- name: Build Image
shell: bash
run: |
docker buildx build -t ${{ steps.meta.outputs.tags }} --push .
- name: Generate SBOM
shell: bash
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
syft ${{ steps.meta.outputs.tags }} --source-name=pkg:oci/${{ github.repository }} -o cyclonedx-json --file sbom.cdx.json
- name: Upload SBOM
uses: actions/upload-artifact@v4.3.3
with:
name: sbom
path: sbom.cdx.json