
Merge pull request #697 from k0sproject/dependabot/go_modules/github.… #272


Workflow file for this run

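# Builds and signs an SBOM with `make sign-sbom`, stores the sbom/ directory
# as a build artifact, and hands sbom/spdx.json to the SBOM upload action.
# Triggered by pushes to main and by manual dispatch.
name: SBOM upload
on:
  workflow_dispatch:
  push:
    branches:
      - main
jobs:
  sbom-upload:
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): no step visible in this file requests an OIDC token;
      # confirm id-token: write is still needed and drop it if not.
      id-token: write
      # Presumably required by the final upload step - confirm.
      contents: write
    steps:
      # NOTE(review): every action in this job is referenced by a mutable tag.
      # Pinning each one to a full commit SHA keeps a retagged release from
      # running with this job's write permissions.
      - uses: actions/checkout@v4
      - name: Generate SBOM
        env:
          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
        run: |
          # Delete the decoded signing key when this step exits (success or
          # failure) so the third-party actions that follow never find it in
          # the workspace.
          trap 'rm -f cosign.key' EXIT
          # NOTE(review): world-writable directory; presumably so a build
          # container running under another UID can write into it - confirm,
          # and narrow the mode if `make sign-sbom` allows. The key file mode
          # is left at the default for the same reason.
          mkdir -p sbom && chmod 777 sbom
          # Quoted so the secret is passed through without word splitting or
          # glob expansion.
          echo "$COSIGN_KEY" | base64 -d > cosign.key
          make sign-sbom
      # Only sbom/ is published; cosign.key lives in the workspace root and is
      # not part of this artifact.
      - uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom/
      - name: SBOM upload
        # NOTE(review): the action reference below was mangled by e-mail
        # obfuscation on the page this file was captured from (presumably
        # advanced-security/spdx-dependency-submission-action at some release
        # tag - verify). Restore the real owner/repo@ref from the repository
        # before using this file.
        uses: advanced-security/[email protected]
        with:
          filePath: sbom/spdx.json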