Skip to content

Workflow file for this run

name: Build and Push SBOM to Interlynk
on:
release:
types:
- created
jobs:
build-sbom:
name: SBOM build and Push to Platform
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
steps:
- name: Checkout Repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download syft binary
run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Run syft
run: syft version
- name: Get Tag
id: get_tag
run: echo "tag=$(git describe --tags HEAD)" > $GITHUB_ENV
- name: Build SBOM
run: |
syft --source-name 'sbomqs' --source-version ${{ env.tag }} --exclude ./public --exclude ./.github -o cyclonedx-json --file sbomqs.cdx.json .
- name: Upload SBOM
run: |
curl -v "https://api.interlynk.io/lynkapi" \
-H "Authorization: Bearer ${{ secrets.INTERLYNK_SECURITY_TOKEN }}" \
-F 'operations={"query":"mutation uploadSbom($doc: Upload!, $projectId: ID!) { sbomUpload(input: { doc: $doc, projectId: $projectId }) { errors } }","variables":{"doc":null,"projectId": "${{ vars.INTERLYNK_PRODUCT_ID }}" }}' \
-F 'map={"0":["variables.doc"]}' \
-F '0=@"sbomqs.cdx.json";type=application/json'