Merge pull request #194 from interlynk-io/surendrapathak-patch-5

sbomgr SBOM push workflow

.github/workflows/sbom.yml

@@ -0,0 +1,36 @@
+name: Build and Push SBOM to Interlynk
+
+on:
+  release:
+    types:
+      - created
+
+jobs:
+  build-sbom:
+    name: SBOM build and Push to Platform
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3 
+        with:
+            fetch-depth: 0
+      - name: Download syft binary
+        run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+      - name: Run syft
+        run: syft version
+      - name: Get Tag
+        id: get_tag
+        run: echo "tag=$(git describe --tags HEAD)" > $GITHUB_ENV
+      - name: Build SBOM
+        run: |
+          syft --source-name 'sbomqs' --source-version ${{ env.tag }} --exclude ./public -o cyclonedx-json --file sbomqs.cdx.json .
+      - name: Upload SBOM
+        run: |
+          curl -v "https://api.interlynk.io/lynkapi" \
+            -H "Authorization: Bearer ${{ secrets.INTERLYNK_SECURITY_TOKEN }}" \
+            -F 'operations={"query":"mutation uploadSbom($doc: Upload!, $projectId: ID!) { sbomUpload(input: { doc: $doc, projectId: $projectId }) { errors } }","variables":{"doc":null,"projectId": "${{ vars.INTERLYNK_PRODUCT_ID }}" }}' \
+            -F 'map={"0":["variables.doc"]}' \
+            -F '0=@"sbomqs.cdx.json";type=application/json'