
Commit 05e88d4

author
Andre Vieira
committed
chore(actions): cyclonedx sbom
1 parent f4b422a commit 05e88d4


1 file changed

+3
-28
lines changed


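--- a/.github/workflows/prereleased.yml
+++ b/.github/workflows/prereleased.yml
@@ -16,7 +16,6 @@ env:
 
 AWS_S3_REGION: ${{ secrets.AWS_S3_REGION }}
 SBOM_FILENAME: docker-sbom
-NOTION_DATABASE_ID: ${{ secrets.NOTION_REPOS_DATABASE_ID }}
 
 
 
@@ -90,21 +89,9 @@ jobs:
 with:
 upload-artifact-retention: 1
 image: ${{ steps.docker_build.outputs.imageId }}
-format: spdx-json
+format: cyclonedx-json
 upload-release-assets: false
-output-file: ${{ env.SBOM_FILENAME }}.spdx.json
-
-- name: Scan SBOM
-id: scan_sbom
-uses: anchore/scan-action@v3
-with:
-sbom: ${{ env.SBOM_FILENAME }}.spdx.json
-output-format: sarif
-fail-build: false
-
-- name: Determine number of noticiable vulnerabilities
-id: count_vulnerabilities
-run: echo "value=$(grep -cE "(medium|high|critical) vulnerability" ${{ steps.scan_sbom.outputs.sarif }})" >> $GITHUB_OUTPUT
+output-file: ${{ env.SBOM_FILENAME }}.cyclonedx.json
 
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v4
@@ -114,19 +101,7 @@ jobs:
 
 - name: Copy SBOM to S3
 run: |
-aws s3 cp ${{ env.SBOM_FILENAME }}.spdx.json s3://repos-sboms/${{ github.event.repository.name }}/command-${{ env.SBOM_FILENAME }}.spdx.json
-aws s3 cp ${{ steps.scan_sbom.outputs.sarif }} s3://repos-sboms/${{ github.event.repository.name }}/command-${{ env.SBOM_FILENAME }}-scan.sarif
-
-- name: Update Notion Page
-uses: ydataai/update-notion-page@v1
-env:
-STATUS_ICON: ${{ steps.count_vulnerabilities.outputs.value == '0' && '"✅"' || '"⚠️"' }}
-STATUS_URL: ${{ steps.count_vulnerabilities.outputs.value == '0' && 'null' || format('{{"url":"https://s3.console.aws.amazon.com/s3/buckets/repos-sboms?region={0}&prefix={1}/{2}-{3}-scan.sarif"}}', env.AWS_S3_REGION, github.event.repository.name, 'manager', env.SBOM_FILENAME) }}
-with:
-notion_secret: ${{ secrets.NOTION_SECRET }}
-notion_database_id: ${{ env.NOTION_DATABASE_ID }}
-notion_database_query_filter: '{ "property": "Repo", "title": { "equals": "${{ github.event.repository.name }}" } }'
-notion_page_update_properties: '{ "Docker Scan": { "rich_text": [ { "text": { "content": ${{ env.STATUS_ICON }}, "link": ${{ env.STATUS_URL }} } } ] }, "SBOMS": { "url": "https://s3.console.aws.amazon.com/s3/buckets/repos-sboms?region=${{ env.AWS_S3_REGION }}&prefix=${{ github.event.repository.name }}/" } }'
+aws s3 cp ${{ env.SBOM_FILENAME }}.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/${{ env.SBOM_FILENAME }}.cyclonedx.json
 
 - name: Login to Dockerhub Registry
 uses: docker/login-action@v3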
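Review bot: The CycloneDX SBOM written at new line 94 (`output-file: ${{ env.SBOM_FILENAME }}.cyclonedx.json`) is generated and copied to S3, but the `Scan SBOM` and `count_vulnerabilities` steps removed in the second hunk are not replaced, so this workflow no longer produces any vulnerability finding from the SBOM and the SARIF that used to be uploaded alongside it is gone; if scanning now happens elsewhere, say so in the commit message or in a comment above the step (`# SBOM is scanned downstream by <scanning-job placeholder>`), otherwise keep the scan step with `sbom: ${{ env.SBOM_FILENAME }}.cyclonedx.json`. In the third hunk the S3 object key also drops the `command-` prefix the old `aws s3 cp` used, which presumably changes the path any consumer of the bucket reads — worth confirming that nothing depends on the old key. As a hardening point of style, the `run:` line interpolates `${{ github.event.repository.name }}` straight into shell; the usual pattern is an `env:` entry on the step (`REPO_NAME: ${{ github.event.repository.name }}`) referenced as `"$REPO_NAME"` in the command. The steps sequence continues outside the hunk.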
