generate-augmented-sbom.yml
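# Manually triggered compliance workflow: augments the SBOM through Kondukto,
# generates the SSDLC report, and uploads both files as a single artifact.
name: Augment SBOM

on:
  workflow_dispatch:
    inputs:
      release_version:
        description: "Release version (e.g. 3.12.1)"
        required: true
        type: string

# Scopes granted to GITHUB_TOKEN for every job in this workflow.
permissions:
  # Lets the job request an OIDC token. No step in this file consumes one
  # directly.
  # NOTE(review): presumably a compliance script needs it; confirm, and drop
  # the scope if nothing does.
  id-token: write
  contents: read

jobs:
  augment-sbom:
    runs-on: ubuntu-latest
    env:
      # NOTE(review): job-level env makes the token visible to every step,
      # including the upload action. If only augment-sbom.sh reads it, move it
      # to that step's env.
      KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
      KONDUKTO_REPO: ${{ vars.KONDUKTO_REPO }}
      KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
      # NOTE(review): image reference comes from a repository variable; verify
      # that it is pinned by digest rather than by a mutable tag.
      SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}
    steps:
      # Fail fast on a malformed version: the value is handed to both scripts
      # and is spliced into the artifact paths of the upload step, where path
      # separators or glob characters would change which files are selected.
      - name: Validate release version
        env:
          RELEASE_VERSION: ${{ inputs.release_version }}
        run: |
          pattern='^[0-9A-Za-z][0-9A-Za-z._+-]*$'
          if [[ ! "$RELEASE_VERSION" =~ $pattern ]]; then
            echo "::error::release_version may contain only letters, digits, '.', '_', '+' and '-'"
            exit 1
          fi

      # Third-party actions are pinned to a full commit SHA; record the matching
      # release tag in a trailing comment when the pin is next updated.
      # NOTE(review): checkout keeps GITHUB_TOKEN in the local git config by
      # default; set persist-credentials to false if the scripts do not need
      # authenticated git access.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd

      # Date as seen by the runner, reused in the artifact file names below.
      # NOTE(review): assumes the scripts stamp their output files with the same
      # date; confirm against scripts/compliance.
      - name: Get current date
        id: date
        run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"

      # The input reaches the script through an environment variable rather
      # than being expanded inside the run line, so it is never parsed as shell.
      - name: Augment SBOM with Kondukto
        env:
          RELEASE_VERSION: ${{ inputs.release_version }}
        run: ./scripts/compliance/augment-sbom.sh

      - name: Generate SSDLC report
        env:
          AUTHOR: ${{ github.actor }}
          VERSION: ${{ inputs.release_version }}
          # Quoted so the script receives the string "true", not a YAML boolean.
          AUGMENTED_REPORT: "true"
        run: ./scripts/compliance/gen-ssdlc-report.sh

      - name: Upload augmented SBOM as artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
        with:
          name: augmented_sbom_and_ssdlc_report
          path: |
            compliance/augmented-sbom-v${{ inputs.release_version }}-${{ steps.date.outputs.date }}.json
            compliance/ssdlc-compliance-${{ inputs.release_version }}-${{ steps.date.outputs.date }}.md
          # Fail the job instead of publishing an empty artifact.
          if-no-files-found: error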