Skip to content

docs: add json extension for generated sbom #208

docs: add json extension for generated sbom

docs: add json extension for generated sbom #208

Workflow file for this run

---
name: CI on Main
on:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
jobs:
compute-next-semantic-version:
permissions:
id-token: "write"
contents: "write" # FIXME this should not require write permission.
uses: semantic-release-action/next-release-version/.github/workflows/next-release-version.yml@v4
test:
name: Test Suite
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
components: rustfmt
- name: run cargo test
run: cargo test --all-features
create-new-release:
name: Create the new release as a draft
# If the version is empty, it means there is no new version to publish.
if: ${{ needs.compute-next-semantic-version.outputs.new-release-version != '' }}
permissions:
id-token: "write"
contents: "write" # This is required to create the GH release
runs-on: ubuntu-latest
needs:
- compute-next-semantic-version
env:
NEW_TAG: "v${{ needs.compute-next-semantic-version.outputs.new-release-version }}"
outputs:
release-id: ${{ steps.create-new-release.outputs.release-id }}
release-url: ${{ steps.create-new-release.outputs.release-url }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Check if a release already exists for that version
run: |
current_release=$(
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${{ github.repository }}/releases/tags/${{ env.NEW_TAG }}
)
error_message=$(echo "$new_release" | jq ".message // empty")
if [[ -n "$error_message" ]]; then
echo "Could not verify if a release exist for ${{ env.NEW_TAG }}: $error_message"
exit 1
fi
current_release_name=$(echo "$current_release" | jq ".name // empty")
if [[ -n "$current_release_name" ]]; then
echo "A release already exists for version ${{ env.NEW_TAG }}."
exit 1
fi
- name: Create the new release
id: create-new-release
run: |
echo "Creating new release ${{ env.NEW_TAG }}"
release_payload=$(jq -n '{
"tag_name": "${{ env.NEW_TAG }}",
"target_commitish": "${{ github.sha }}",
"name": "${{ env.NEW_TAG }}",
"prerelease": false,
"draft": true,
"generate_release_notes": true
}')
new_release=$(curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${{ github.repository }}/releases \
-d "$release_payload"
)
new_release_id=$(echo "$new_release" | jq ".id")
if [[ "$new_release_id" == "null" ]]; then
error_message=$(echo "$new_release" | jq ".message")
echo "Could not create new release: $error_message"
exit 1
fi
echo "release-id=$new_release_id" >> "$GITHUB_OUTPUT"
echo "release-id = $new_release_id"
new_release_url="https://uploads.github.com/repos/${{ github.repository }}/releases/$new_release_id/assets"
echo "release-url=$new_release_url" >> "$GITHUB_OUTPUT"
echo "release-url = $new_release_url"
build-binary:
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "write" # This is required to add artifacts to the GH release
needs:
- create-new-release
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14
- name: Build the artifact
run: |
nix develop .#musl -c cargo build --release
- name: Add artifact to the release
env:
binary_path: "nix2sbom-x86_64-unknown-linux-musl"
artifact_path: "./target/x86_64-unknown-linux-musl/release/nix2sbom"
run: |
checksum_path="${{ env.binary_path }}.sha256sum"
cp "$artifact_path" "$binary_path"
sha256sum "${{ env.binary_path }}" > "$checksum_path"
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-H "Content-Type: application/octet-stream" \
"${{ needs.create-new-release.outputs.release-url }}?name=${{ env.binary_path }}&label=${{ env.binary_path }}" \
--data-binary "@${{ env.binary_path }}"
echo "Uploaded the artifact to the GitHub release"
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-H "Content-Type: application/octet-stream" \
"${{ needs.create-new-release.outputs.release-url }}?name=$checksum_path&label=$checksum_path" \
--data-binary "@$checksum_path"
echo "Uploaded the artifact checksum to the GitHub release"
publish-github-release:
name: Publish (undraft) the release
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "write"
needs:
- create-new-release
- build-binary
steps:
- name: Publish the release
run: |
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${{ github.repository }}/releases/${{ needs.create-new-release.outputs.release-id }} \
-d '{"draft": false}'
publish-flakehub-release:
# If the version is empty, it means there is no new version to publish.
if: ${{ needs.compute-next-semantic-version.outputs.new-release-version != '' }}
needs:
- test
- compute-next-semantic-version
- publish-github-release
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@da36cb69b1c3247ad7a1f931ebfd954a1105ef14 # v14
- run: |
: build the nix flake
nix build .#
- uses: DeterminateSystems/flakehub-push@8da9e38b7e77f2b0a8aa08a22e57cc5c6316ea72 # v5
with:
visibility: "public"
rolling: false
tag: "v${{ needs.compute-next-semantic-version.outputs.new-release-version }}"