Skip to content

Bump anchore/sbom-action from 0.17.8 to 0.17.9 (#1125) #2355

Bump anchore/sbom-action from 0.17.8 to 0.17.9 (#1125)

Bump anchore/sbom-action from 0.17.8 to 0.17.9 (#1125) #2355

Workflow file for this run

name: build
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
env:
FORCE_COLOR: 1
permissions:
contents: read
jobs:
build:
name: ${{ matrix.os }}
runs-on: ${{ matrix.os }}
permissions:
attestations: write
contents: read
id-token: write
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
os-name: macos
- os: ubuntu-latest
os-name: linux
- os: windows-latest
os-name: windows
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: '20.x'
- name: Get npm cache directory
id: npm-cache-dir
shell: pwsh
run: echo "dir=$(npm config get cache)" >> ${env:GITHUB_OUTPUT}
- name: Setup npm cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
id: npm-cache
with:
path: ${{ steps.npm-cache-dir.outputs.dir }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: ${{ runner.os }}-node-
- name: Install packages
run: npm ci
- name: Build and Test
shell: pwsh
run: ./build.ps1
- uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
name: Upload coverage to Codecov
with:
flags: ${{ matrix.os-name }}
token: ${{ secrets.CODECOV_TOKEN }}
- name: Generate SBOM
uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9
if: runner.os == 'Linux'
with:
artifact-name: update-dotnet-sdk.spdx.json
output-file: update-dotnet-sdk.spdx.json
path: .
- name: Attest dist
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
if: |
runner.os == 'Linux' &&
github.ref_name == github.event.repository.default_branch
with:
subject-path: ./dist/**/*.js
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Add actionlint problem matcher
run: echo "::add-matcher::.github/actionlint-matcher.json"
- name: Lint workflows
uses: docker://rhysd/actionlint@sha256:82244e1db1c60d82c7792180a48dd0bcb838370bb589d53ff132503fc9485868 # v1.7.4
with:
args: -color