fix(ci): generate sbom during release process

Closes #5033
apache · Jan 9, 2024 · 8118444 · 8118444
1 parent 968d3c0
commit 8118444
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 5,893 deletions.
diff --git a/.github/actions/automatic-updates/action.yml b/.github/actions/automatic-updates/action.yml
@@ -62,20 +62,6 @@ runs:
         make generate codegen update-docs
         git add -A && git commit -m 'chore: autogenerated project resource update' && echo "autogenerated=1" >> $GITHUB_ENV || echo "No changes to autogenerated project resources"
 
-    # SBOM
-    - name: Generate SBOM
-      uses: ./.github/actions/gh-go-mod-generate-sbom
-      with:
-        version: v1
-        args: mod -licenses -json -output camel-k-sbom/camel-k-sbom.json
-    - name: Commit SBOM
-      shell: bash
-      env:
-        CI_USER: "github-actions[bot]"
-        CI_EMAIL: "41898282+github-actions[bot]@users.noreply.github.com"
-      run: |
-        git add camel-k-sbom/camel-k-sbom.json && git commit -m 'chore: nightly SBOM update' && echo "sbom=1" >> $GITHUB_ENV || echo "No changes to SBOM"
-
     # Coverage badge
     - name: Run Test
       shell: bash
@@ -107,7 +93,7 @@ runs:
     # Git push
     - name: Push changes
       shell: bash
-      if: env.changelog == 1 || env.autogenerated == 1 || env.sbom == 1 || env.badge == 1
+      if: env.changelog == 1 || env.autogenerated == 1 || env.badge == 1
       env:
         CI_USER: "github-actions[bot]"
         CI_EMAIL: "41898282+github-actions[bot]@users.noreply.github.com"

diff --git a/.github/actions/release-nightly/action.yml b/.github/actions/release-nightly/action.yml
@@ -41,6 +41,7 @@ runs:
   using: "composite"
 
   steps:
+
     - name: Set up JDK ${{ inputs.javaVersion }}
       uses: actions/setup-java@v3
       with:
@@ -56,13 +57,15 @@ runs:
         cluster-config-data: ${{ inputs.secretE2ECluster }}
         cluster-kube-config-data: ${{ inputs.secretE2EKube }}
         smoke-test-only: true
+
     - name: Get nightly version and update date
       shell: bash
       run: |
         V="$(make get-version | sed s/-SNAPSHOT//)-nightly"
         D=$(date)
         echo "VERSION=$V" >> $GITHUB_ENV
         echo "UPD_DATE=$D" >> $GITHUB_ENV
+
     - name: Global Env
       shell: bash
       run: |
@@ -75,6 +78,7 @@ runs:
         MAVEN_REPOSITORY=$(make get-staging-repo)
         echo "Using MAVEN_REPOSITORY=$MAVEN_REPOSITORY"
         echo "MAVEN_REPOSITORY=$MAVEN_REPOSITORY" >> $GITHUB_ENV
+
     - name: Install newer docker CLI supporting multi platform build
       shell: bash
       run: |
@@ -89,24 +93,34 @@ runs:
         sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
         sudo apt-get update
         sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
     - name: Set up QEMU (required by multi platform build)
       uses: docker/setup-qemu-action@v2
+
     - name: Login to Container Registry
       uses: docker/login-action@v2
       with:
         username: ${{ inputs.secretDockerHubUser }}
         password: ${{ inputs.secretDockerHubPassword }}
+
     - name: Build and release containers
       shell: bash
       run: |
         make VERSION=${{ env.VERSION }} IMAGE_NAME=${{ env.IMAGE_NAME }} images-nightly
         make IMAGE_ARCH=arm64 VERSION=${{ env.VERSION }} IMAGE_NAME=${{ env.IMAGE_NAME }} images-nightly
         make VERSION=${{ env.VERSION }} IMAGE_NAME=${{ env.IMAGE_NAME }} release-nightly
+
+    - name: Generate SBOM
+      uses: ./.github/actions/gh-go-mod-generate-sbom
+      with:
+        version: v1
+        args: mod -licenses -json -output sbom.json
+
     - name: Create Release
       id: create_release
       uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37
       with:
-        artifacts: "./camel-k-client*.tar.gz"
+        artifacts: "./camel-k-client*.tar.gz,sbom.json"
         body: |
           Apache Camel K ${{ env.VERSION }} build for testing (unstable). This nightly release is using
           an **unsupported** operator image published as `${{ env.IMAGE_NAME }}:${{ env.VERSION }}` (default `amd64` architecture,
@@ -130,12 +144,14 @@ runs:
         replacesArtifacts: true
         tag: ${{ env.VERSION }}
         commit: main
+
     # If release was okey, we can also release the java extensions
     - name: Deploy Camel-K-CRDs to ASF Snapshots Repository
       working-directory: java/crds
       shell: bash
       run: |
         mvn clean deploy --settings ../../.github/asf-deploy-settings.xml -q
+
     - name: Deploy Camel-K-maven-logging to ASF Snapshots Repository
       working-directory: java/maven-logging
       shell: bash

diff --git a/.gitignore b/.gitignore
@@ -14,6 +14,7 @@
 
 # Released Packages
 *.tar.gz
+sbom.json
 
 # Release Notes
 /release-notes.md

diff --git a/PROJECT b/PROJECT
@@ -19,7 +19,7 @@ resources:
   kind: Integration
   version: v1
 - group: camel
-  kind: Binding
+  kind: Pipe
   version: v1
 - group: camel
   kind: Kamelet