Networks/Reticulum-Go
2
1
Fork 0
Code Issues 4 Pull Requests 1 Actions Packages Projects 1 Releases 1 Wiki Activity

feat: update SBOM workflow to include Trivy installation and improve commit logic
Some checks failed
Bearer / scan (push) Successful in 46s
Details
Go Build Multi-Platform / build (amd64, darwin) (push) Successful in 47s
Details
Go Build Multi-Platform / build (amd64, freebsd) (push) Successful in 46s
Details
Go Build Multi-Platform / build (amd64, linux) (push) Successful in 45s
Details
Go Build Multi-Platform / build (arm, linux) (push) Successful in 48s
Details
Go Build Multi-Platform / build (arm, freebsd) (push) Successful in 50s
Details
Go Build Multi-Platform / build (amd64, windows) (push) Successful in 53s
Details
Go Build Multi-Platform / build (arm, windows) (push) Successful in 46s
Details
Go Build Multi-Platform / build (arm64, darwin) (push) Successful in 49s
Details
Go Build Multi-Platform / build (arm64, freebsd) (push) Successful in 47s
Details
Go Build Multi-Platform / build (arm64, windows) (push) Successful in 43s
Details
Go Build Multi-Platform / build (arm64, linux) (push) Successful in 45s
Details
Go Build Multi-Platform / build (wasm, js) (push) Successful in 1m18s
Details
TinyGo Build / tinygo-build (tinygo-build, tinygo-default, reticulum-go-tinygo, ) (pull_request) Failing after 1m18s
Details
TinyGo Build / tinygo-build (tinygo-wasm, tinygo-wasm, reticulum-go.wasm, wasm) (pull_request) Failing after 1m16s
Details
Go Build Multi-Platform / Create Release (push) Has been skipped
Details
Go Revive Lint / lint (push) Successful in 1m3s
Details
Go Test Multi-Platform / Test (ubuntu-latest, arm64) (push) Successful in 1m23s
Details
Run Gosec / tests (push) Successful in 1m31s
Details
Go Test Multi-Platform / Test (ubuntu-latest, amd64) (push) Successful in 2m47s
Details

Browse Source
This commit is contained in:
ivan
2025-12-30 21:20:41 -06:00
parent 899b08e92e
commit 876476cff5
1 changed files with 11 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
.gitea/workflows/sbom.yml
View File

@@ -8,13 +8,14 @@ on:
jobs:
generate-sbom:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
ref: ${{ github.ref }}
- name: Setup Go
uses: https://git.quad4.io/actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
@@ -29,26 +30,24 @@ jobs:
- name: Install dependencies
run: task deps
- name: Download Trivy
run: |
curl -L -o /tmp/trivy.deb https://git.quad4.io/Quad4-Extra/assets/raw/commit/90fdcea1bb71d91df2de6ff2e3897f278413f300/bin/trivy_0.68.2_Linux-64bit.deb
sudo dpkg -i /tmp/trivy.deb || sudo apt-get install -f -y
- name: Install Trivy
run: task trivy:install
- name: Generate SBOM
run: |
mkdir -p sbom
trivy fs --format spdx-json --include-dev-deps --output sbom/sbom.spdx.json .
trivy fs --format cyclonedx --include-dev-deps --output sbom/sbom.cyclonedx.json .
run: task sbom
- name: Commit and Push Changes
run: |
git config --global user.name "Gitea Action"
git config --global user.email "actions@noreply.quad4.io"
git remote set-url origin https://${{ secrets.GITEA_TOKEN }}@git.quad4.io/${{ github.repository }}.git
git fetch origin main
git checkout main
git fetch origin main || git fetch origin master
git checkout main || git checkout master
git add sbom/
git diff --quiet && git diff --staged --quiet || (git commit -m "Auto-update SBOM [skip ci]" && git push origin main)
if ! git diff --quiet || ! git diff --staged --quiet; then
git commit -m "Auto-update SBOM [skip ci]"
git push origin main || git push origin master
fi
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}