Merge pull request #5110 from zhzhuang-zju/sbom

add sbom to release assets
karmada-bot 2024-07-01 10:42:56 +08:00 committed by GitHub
commit 992802084f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 20 additions and 0 deletions


@ -78,6 +78,26 @@ jobs:
_output/charts/karmada-chart-${{ github.ref_name }}.tgz.sha256
_output/charts/karmada-operator-chart-${{ github.ref_name }}.tgz
_output/charts/karmada-operator-chart-${{ github.ref_name }}.tgz.sha256
sbom-assests:
name: Release sbom
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Generate sbom for karmada file system
uses: aquasecurity/trivy-action@0.23.0
with:
scan-type: 'fs'
format: 'spdx'
output: 'sbom-karmada.spdx'
scan-ref: "/github/workspace/"
- name: Tar the sbom files
run: |
tar -zcf sbom.tar.gz *.spdx
- name: Uploading sbom assets...
uses: softprops/action-gh-release@v2
with:
files: |
sbom.tar.gz
update-krew-index:
needs: release-assests
name: Update krew-index
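Review bot: The new `sbom-assests` job references `aquasecurity/trivy-action@0.23.0` and `softprops/action-gh-release@v2` by mutable tag, and the upload step runs with a token that can write release assets, so a re-pointed tag would execute in the release path. Pin both to a full commit SHA and keep the tag as a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.23.0`. No `permissions:` block appears on this job in the visible lines; if the workflow does not already restrict the token at the top level (not visible here), scope this job to `contents: write` only. Unlike the chart archives listed just above, `sbom.tar.gz` is published without a `.sha256` companion; consider adding `sha256sum sbom.tar.gz > sbom.tar.gz.sha256` to the tar step and listing that file under `files:`.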