Skip to content
Validate SPDX Conformance

build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 in the all group #353

Sign in to view logs

build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 in the all group

build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 in the all group #353

Workflow file for this run

.github/workflows/verify-spdx.yaml at 99b5b6a
name: Validate SPDX Conformance
on:
pull_request:
branches: ['main']
jobs:
check-spdx:
name: Check SPDX SBOMs
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v3.3.0
with:
go-version: '1.22'
check-latest: true
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
- run: |
go run ./cmd/bom/main.go generate -i registry.k8s.io/pause > example-image-pause.spdx
go run ./cmd/bom/main.go generate --format=json -i registry.k8s.io/pause > example-image-pause.spdx.json
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
spdx-tools-version: 1.1.0
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
download: false
spdx-tools-version: 1.1.0
sbom-path: example-image-pause.spdx
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
download: false
spdx-tools-version: 1.1.0
sbom-path: example-image-pause.spdx.json
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ always() }}
with:
name: Example SBOMs
path: |
example-image-pause.spdx
example-image-pause.spdx.json