reconfigure workflow

puzzle · Dec 4, 2023 · 8d44bc6 · 8d44bc6
1 parent db4f875
commit 8d44bc6
Showing 1 changed file with 39 additions and 15 deletions.
diff --git a/.github/workflows/owasp-dt-check.yml b/.github/workflows/owasp-dt-check.yml
@@ -1,19 +1,43 @@
-name: 'Dependency-Track'
+name: SBOM Generator
 
-on: [push]
+on:
+  push:
+    branches:
+      - '*'
+  workflow_dispatch:
+    permissions: read-all
 jobs:
-  build:
+  generate-and-push-sbom:
     runs-on: ubuntu-latest
+
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v2
-      # Generates a BoM and uploads it to OWASP Dependency Track
-      - name: Generates BoM and upload to OWASP DTrack
-        id: riskscoreFromDT
-        uses: Quobis/action-owasp-dependecy-track-check@main
-        with:
-          url: 'https://deptrack.ocp.cloudscale.puzzle.ch/api/v1/bom'
-          key: '${{ secrets.SECRET_OWASP_DT_KEY }}'
-          language: 'java'
-      - name: Get the output time
-        run: echo "The risk score of the project is ${{ steps.riskscoreFromDT.outputs.riskscore }}"
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Install cdxgen
+        working-directory: frontend
+        run: npm install -g @cyclonedx/[email protected]
+
+      - name: 'Generate SBOM for maven dependencies'
+        working-directory: backend
+        run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
+
+      - name: 'Generate SBOM for npm dependencies'
+        working-directory: frontend
+        run: cdxgen -o ../target/sbom-npm.xml -t npm .
+
+      - name: 'Merge frontend and backend SBOMs'
+        run: |
+          docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files backend/target/bom.xml target/sbom-npm.xml --output-file target/sbom.xml
+
+      - name: 'Push merged SBOM to dependency track'
+        env:
+          PROJECT_NAME: okr
+        run: |
+          curl --verbose -s --location --request POST ${{ variables.DEPENDENCY_TRACK_URL }} \
+          --header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \
+          --header "Content-Type: multipart/form-data" \
+          --form "autoCreate=true" \
+          --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \
+          --form "projectVersion=latest" \
+          --form "[email protected]"