From 88cc4fa499d6b12769f6b9e0d717ce30a0fb878c Mon Sep 17 00:00:00 2001
From: Jie Lin
Date: Thu, 8 May 2025 14:38:20 -0700
Subject: [PATCH 1/4] Add cyclonedx to github actions CI workflow

---
 .github/workflows/ci.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cff872f..6ff84ce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,6 +16,22 @@ env:
 API_KEY: ${{ secrets.API_KEY }}
 
 jobs:
+ run-cyclonedx:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Log in to the github container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Generate CycloneDX SBOM
+ run: |
+ docker pull ghcr.io/cyclonedx/cdxgen-python:v11
+ docker run --rm -e FETCH_LICENSE=true -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app -o /app/sift-bom.json -t python --profile license-compliance
+
 build-and-test-python3:
 runs-on: ubuntu-latest
 steps:

From 76b572e823f27f1289d9b89b1d739317f82d105c Mon Sep 17 00:00:00 2001
From: Jie Lin
Date: Mon, 12 May 2025 12:13:31 -0700
Subject: [PATCH 2/4] update

---
 .github/workflows/ci.yml | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6ff84ce..d4d0c5f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
 - name: Log in to the github container registry
- uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ uses: docker/login-action@v3
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
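Review bot: The image pulled in the new `run:` block, `ghcr.io/cyclonedx/cdxgen-python:v11`, is not the image the next line runs, `ghcr.io/cyclonedx/cdxgen-python310:v11`, so the explicit pull is wasted and the `docker run` line does its own pull of a different image; name the same image on both lines or drop the `docker pull`. Both references use the floating `v11` tag, and since this container produces the SBOM the project will rely on it should be pinned by digest, e.g. `ghcr.io/cyclonedx/cdxgen-python310@sha256:<digest-placeholder>  # v11`, so a repointed tag cannot silently change what generates the inventory. The `-v /tmp:/tmp` mount shares the runner's /tmp with the container and nothing in the command reads or writes there (the output goes to `/app/sift-bom.json`), so it appears unnecessary and should be removed unless cdxgen needs it. As written the generated `sift-bom.json` is left in the workspace and never archived or uploaded, so it is discarded when the job ends.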
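Review bot: Replacing the commit-SHA pin `docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1` with the floating tag `docker/login-action@v3` weakens the pin the first patch had: a tag can be moved by whoever controls the action repository, a SHA cannot. If the change was made because the SHA did not resolve, take the commit SHA of the v3 release and keep the tag as a trailing comment, `uses: docker/login-action@<sha-of-v3-release>  # v3`, which is also what `actions/checkout@v4` on the same hunk should get. It is also worth confirming the login step is needed at all: if the cdxgen image is publicly pullable the step and its use of `secrets.GITHUB_TOKEN` can be dropped, and if it is kept the job needs `packages: read` in its `permissions:`, which is not visible in this hunk.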
@@ -30,7 +30,17 @@ jobs:
 - name: Generate CycloneDX SBOM
 run: |
 docker pull ghcr.io/cyclonedx/cdxgen-python:v11
- docker run --rm -e FETCH_LICENSE=true -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app -o /app/sift-bom.json -t python --profile license-compliance
+ docker run --rm -e FETCH_LICENSE=true -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app -o /app/sbom.json -t python --profile license-compliance
+ - name: Upload BOM to Dependency-Track
+ uses: DependencyTrack/gh-upload-sbom@v3
+ with:
+ serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+ apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+ projectName: 'python'
+ projectVersion: ${{ github.sha }}
+ bomFilename: "sbom.json"
+ autoCreate: true
+ parentName: 'sift-python'
 
 build-and-test-python3:
 runs-on: ubuntu-latest

From 4feebecf12e3154ebfe3be2b067cb6831123ac33 Mon Sep 17 00:00:00 2001
From: Jie Lin
Date: Mon, 12 May 2025 12:54:35 -0700
Subject: [PATCH 3/4] update

---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d4d0c5f..39360c3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -41,6 +41,8 @@ jobs:
 bomFilename: "sbom.json"
 autoCreate: true
 parentName: 'sift-python'
+ env:
+ ACTIONS_STEP_DEBUG: true
 
 build-and-test-python3:
 runs-on: ubuntu-latest

From eb6d6899a64ecb7731e84e2517084f4642df035b Mon Sep 17 00:00:00 2001
From: Jie Lin
Date: Mon, 12 May 2025 14:11:34 -0700
Subject: [PATCH 4/4] update

---
 .github/workflows/ci.yml | 33 ++++++++++++++++++++++-----------
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 39360c3..535a1fa 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
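Review bot: `-e CDXGEN_DEBUG_MODE=debug` added to the `docker run` line turns on cdxgen's debug output for every CI run; debug logging is noisy and tends to echo environment details and fetched metadata into a log readable by anyone with access to the run, so remove it once the step works or gate it behind a workflow input. In the new upload step, `projectVersion: ${{ github.sha }}` together with `autoCreate: true` makes Dependency-Track create a new project version on every commit, which grows without bound; a branch or tag name such as `${{ github.ref_name }}` is the usual choice, with the SHA recorded elsewhere if it is needed. `DependencyTrack/gh-upload-sbom@v3` is pinned by a floating tag like the login action earlier in the series; it should get the same commit-SHA pin. `parentName: 'sift-python'` presumably has to exist on the server already — worth confirming whether `autoCreate` also creates the parent, since the step will otherwise fail on a fresh instance. The `run-cyclonedx` job this hunk edits starts above the hunk.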
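Review bot: `ACTIONS_STEP_DEBUG: true` under a step's `env:` does not enable step debug logging; the runner reads that setting from a repository secret or variable named ACTIONS_STEP_DEBUG, and a step-level environment variable is only exported to the step's process, so these two lines have no effect on the log. If the intent was to debug the upload, set the repository variable for one run and leave the workflow unchanged, or remove the lines. The indentation is not recoverable from this view; if `env:` landed under `with:` rather than at step level it would be passed to the action as an unknown input, so confirm its placement in the actual file.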
@@ -32,17 +32,28 @@ jobs:
 docker pull ghcr.io/cyclonedx/cdxgen-python:v11
 docker run --rm -e FETCH_LICENSE=true -e CDXGEN_DEBUG_MODE=debug -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-python310:v11 -r /app -o /app/sbom.json -t python --profile license-compliance
 - name: Upload BOM to Dependency-Track
- uses: DependencyTrack/gh-upload-sbom@v3
- with:
- serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
- apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
- projectName: 'python'
- projectVersion: ${{ github.sha }}
- bomFilename: "sbom.json"
- autoCreate: true
- parentName: 'sift-python'
- env:
- ACTIONS_STEP_DEBUG: true
+ run: |
+ curl -v -X POST https://${{ secrets.DEPENDENCYTRACK_HOSTNAME }}/api/v1/bom \
+ -H 'Content-Type: multipart/form-data' \
+ -H 'X-Api-Key: ${{ secrets.DEPENDENCYTRACK_APIKEY }}' \
+ -F 'autoCreate=true' \
+ -F 'projectName=python' \
+ -F 'projectVersion= ${{ github.sha }}' \
+ -F 'parentName=sift-python' \
+ -F 'isLatest=true' \
+ -F "bom=@sbom.json"
+ #- name: Upload BOM to Dependency-Track
+ # uses: DependencyTrack/gh-upload-sbom@v3
+ # with:
+ # serverHostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+ # apiKey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+ # projectName: 'python'
+ # projectVersion: ${{ github.sha }}
+ # bomFilename: "sbom.json"
+ # autoCreate: true
+ # parentName: 'sift-python'
+ # env:
+ # ACTIONS_STEP_DEBUG: true
 
 build-and-test-python3:
 runs-on: ubuntu-latest
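Review bot: The `curl` call in the new `run:` block has no `--fail`, so an HTTP 4xx/5xx from Dependency-Track (bad key, missing parent project, rejected BOM) still exits 0 and the step passes while the SBOM is never stored; add `-f`/`--fail` so the job goes red on a rejected upload. Two smaller defects sit on the same lines: `-F 'projectVersion= ${{ github.sha }}'` carries a leading space into the version string, and the manual `-H 'Content-Type: multipart/form-data'` replaces the header curl generates for `-F`, which is the one carrying the boundary parameter the server needs to parse the body, so drop that header and let curl set it. `-v` prints the request headers, including `X-Api-Key`, into the job log; the value should be masked because it comes from `secrets`, but there is no reason to depend on masking, so drop `-v` and pass the hostname and key through the step's `env:` instead of splicing `${{ }}` into the shell text. The commented-out copy of the previous action-based step should be deleted rather than kept, since git history preserves it; the `run-cyclonedx` job this step belongs to starts above the hunk.
```yaml
      - name: Upload BOM to Dependency-Track
        env:
          DT_HOSTNAME: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
          DT_API_KEY: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
        run: |
          curl -fsS -X POST "https://${DT_HOSTNAME}/api/v1/bom" \
            -H "X-Api-Key: ${DT_API_KEY}" \
            -F 'autoCreate=true' \
            -F 'projectName=python' \
            -F "projectVersion=${GITHUB_SHA}" \
            -F 'parentName=sift-python' \
            -F 'isLatest=true' \
            -F 'bom=@sbom.json'
      # … unchanged: build-and-test-python3 job …
```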