generated from kubernetes/kubernetes-template-project
-
Notifications
You must be signed in to change notification settings - Fork 51
44 lines (37 loc) · 1.42 KB
/
verify-spdx.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: Validate SPDX Conformance
on:
pull_request:
branches: ['main']
jobs:
check-spdx:
name: Check SPDX SBOMs
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v3.3.0
with:
go-version: '1.22'
check-latest: true
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- run: |
go run ./cmd/bom/main.go generate -i registry.k8s.io/pause > example-image-pause.spdx
go run ./cmd/bom/main.go generate --format=json -i registry.k8s.io/pause > example-image-pause.spdx.json
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
spdx-tools-version: 1.1.0
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
download: false
spdx-tools-version: 1.1.0
sbom-path: example-image-pause.spdx
- uses: chainguard-dev/actions/setup-spdx@d886686603afb809f7ef9b734b333e20b7ce5cda
with:
download: false
spdx-tools-version: 1.1.0
sbom-path: example-image-pause.spdx.json
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
if: ${{ always() }}
with:
name: Example SBOMs
path: |
example-image-pause.spdx
example-image-pause.spdx.json