CLOUDP-316920: Generate PURLs for windows and darwin os #38

Summary
Jobs
- augment-sbom
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/generate-augmented-sbom.yml at 6d8189b

	name: Augment SBOM

	on:
	workflow_dispatch:
	inputs:
	release_version:
	description: "Release version (e.g. 1.42.2)"
	required: true
	type: string
	pull_request:

	permissions:
	id-token: write
	contents: read

	jobs:
	augment-sbom:
	runs-on: ubuntu-latest

	env:
	KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
	KONDUKTO_REPO: ${{ vars.KONDUKTO_REPO }}
	KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
	SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}

	steps:
	- uses: GitHubSecurityLab/actions-permissions/monitor@v1
	with:
	config: ${{ vars.PERMISSIONS_CONFIG }}

	- name: Checkout repo
	uses: actions/checkout@v4

	- uses: actions/setup-go@v5
	with:
	go-version-file: 'go.mod'

	- name: Download binaries
	run: \|
	curl -L "https://github.com/mongodb/mongodb-atlas-cli/releases/download/atlascli%2Fv${{ inputs.release_version \|\| '1.43.2' }}/mongodb-atlas-cli_${{ inputs.release_version \|\| '1.43.2' }}_linux_arm64.tar.gz" \
	-o linux.tar.gz
	curl -L "https://github.com/mongodb/mongodb-atlas-cli/releases/download/atlascli%2Fv${{ inputs.release_version \|\| '1.43.2' }}/mongodb-atlas-cli_${{ inputs.release_version \|\| '1.43.2' }}_macos_x86_64.zip" \
	-o darwin.zip
	curl -L "https://github.com/mongodb/mongodb-atlas-cli/releases/download/atlascli%2Fv${{ inputs.release_version \|\| '1.43.2' }}/mongodb-atlas-cli_${{ inputs.release_version \|\| '1.43.2' }}_windows_x86_64.zip" \
	-o windows.zip

	- name: Extract binary
	run: \|
	tar -xzf linux.tar.gz -C ./linux
	unzip -o darwin.zip -d ./darwin
	unzip -o windows.zip -d ./windows

	- name: Generate PURLs from binary
	run: \|
	# Generate Linux purls
	go version -m ./linux/bin/atlas \| \
	awk '$1 == "dep" \|\| $1 == "=>" { print "pkg:golang/" $2 "@" $3 }' \| \
	LC_ALL=C sort > purls-linux.txt
	# Generate Darwin purls
	go version -m ./darwin/bin/atlas \| \
	awk '$1 == "dep" \|\| $1 == "=>" { print "pkg:golang/" $2 "@" $3 }' \| \
	LC_ALL=C sort > purls-darwin.txt
	# Generate Windows purls
	go version -m ./windows/bin/atlas \| \
	awk '$1 == "dep" \|\| $1 == "=>" { print "pkg:golang/" $2 "@" $3 }' \| \
	LC_ALL=C sort > purls-windows.txt
	# Merge purls
	cat purls-linux.txt purls-darwin.txt purls-windows.txt \| LC_ALL=C sort \| uniq > purls.txt
	cat purls.txt

	- name: Generate SBOM with Silkbomb
	run: \|
	docker run \
	--pull=always \
	--platform="linux/amd64" \
	--rm \
	-v "${PWD}:/pwd" \
	"${SILKBOMB_IMG}" \
	update \
	--purls "/pwd/purls.txt" \
	--sbom-out "/pwd/sbom_lite.json"
	echo "SBOM lite generated:"
	cat "sbom_lite.json"

	- name: Get current date
	id: date
	run: \|
	echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV"

	- name: Augment SBOM with Kondukto
	run: \|
	docker run \
	--pull=always \
	--platform="linux/amd64" \
	--rm \
	-v "${PWD}:/pwd" \
	-e "KONDUKTO_TOKEN=${KONDUKTO_TOKEN}" \
	"${SILKBOMB_IMG}" \
	augment \
	--sbom-in "/pwd/sbom_lite.json" \
	--repo "${KONDUKTO_REPO}" \
	--branch "${KONDUKTO_BRANCH_PREFIX}-linux-arm64" \
	--sbom-out "/pwd/linux-amd64-augmented-sbom-v${{ inputs.release_version \|\| '1.43.2' }}-${{ env.date }}.json"

	- name: Generate SSDLC report
	env:
	AUTHOR: ${{ github.actor }}
	VERSION: ${{ inputs.release_version \|\| '1.43.2' }}
	AUGMENTED_REPORT: "true"
	run: ./build/package/gen-ssdlc-report.sh

	- name: Upload augmented SBOM as artifact
	uses: actions/upload-artifact@v4
	with:
	name: augmented_sbom_and_ssdlc_report
	path: \|
	linux-amd64-augmented-sbom-v${{ inputs.release_version \|\| '1.43.2' }}-${{ env.date }}.json
	ssdlc-compliance-${{ inputs.release_version \|\| '1.43.2' }}-${{ env.date }}.md
	if-no-files-found: error

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CLOUDP-316920: Generate PURLs for windows and darwin os #38

Workflow file

CLOUDP-316920: Generate PURLs for windows and darwin os #38

Uh oh!

Jobs

Run details

Workflow file for this run