Add generating cyclonedx SBOM to github actions CI workflow #42
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-WORKFLOW | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| permissions: | |
| contents: read | |
| env: | |
| ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }} | |
| API_KEY: ${{ secrets.API_KEY }} | |
| jobs: | |
| run-cyclonedx: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Log in to the github container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate CycloneDX SBOM | |
| run: | | |
| docker pull ghcr.io/cyclonedx/cdxgen-python:v11 | |
| docker run --rm -e FETCH_LICENSE=true -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app -o /app/sbom.json -t python --profile license-compliance | |
| - name: Upload BOM to Dependency-Track | |
| run: | | |
| curl -v -X POST https://${{ secrets.DEPENDENCYTRACK_HOSTNAME }}/api/v1/bom \ | |
| -H 'Content-Type: multipart/form-data' \ | |
| -H 'X-Api-Key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}' \ | |
| -F 'autoCreate=true' \ | |
| -F 'projectName=python' \ | |
| -F 'projectVersion= ${{ github.sha }}' \ | |
| -F 'parentName=sift-python' \ | |
| -F 'isLatest=true' \ | |
| -F "bom=@sbom.json" | |
| #- name: Upload BOM to Dependency-Track | |
| # uses: DependencyTrack/gh-upload-sbom@v3 | |
| # with: | |
| # serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }} | |
| # apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }} | |
| # projectName: 'python' | |
| # projectVersion: ${{ github.sha }} | |
| # bomFilename: "sbom.json" | |
| # autoCreate: true | |
| # parentName: 'sift-python' | |
| # env: | |
| # ACTIONS_STEP_DEBUG: true | |
| build-and-test-python3: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: "3.10.14" | |
| - name: Install the library | |
| run: | | |
| pip install -e . | |
| - name: Run linters | |
| run: | | |
| pip install -U pre-commit | |
| pre-commit run -v --all-files | |
| - name: Run tests | |
| run: | | |
| python -m unittest discover | |
| run-integration-tests-python3: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: "3.10.14" | |
| - name: Run integration tests | |
| run: | | |
| pip install . | |
| python test_integration_app/main.py |