Skip to content

SBOM

SBOM #5

Workflow file for this run

name: SBOM
on:
push:
branches:
- main
pull_request:
merge_group:
workflow_dispatch:
jobs:
sbom:
strategy:
fail-fast: false
# matrix:
# package: ['./api/', './packages/opentelemetry-core/']
runs-on: ubuntu-latest
env:
NPM_CONFIG_UNSAFE_PERM: true
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: 18
- run: npm install -g npm@latest
- name: Bootstrap
run: npm ci
# - name: Build 🔧
# run: npm run compile
- uses: anchore/sbom-action@v0
with:
path: ./
artifact-name: root.spdx.json
- uses: anchore/sbom-action@v0
with:
path: ./api/
artifact-name: api.spdx.json
- uses: anchore/sbom-action@v0
with:
path: ./packages/opentelemetry-core/
artifact-name: core.spdx.json
- uses: anchore/sbom-action@v0
with:
path: ./experimental/packages/opentelemetry-sdk-node/
artifact-name: sdk-node.spdx.json