63 changes: 19 additions & 44 deletions .github/workflows/sbom.yml
@@ -1,68 +1,43 @@
# .github/workflows/sbom.yml
name: SBOM Check

on:
workflow_dispatch:
inputs:
environment:
run:
description: "Run SBOM check"
required: true
type: choice
options:
- yes
- no

env:
SYFT_VERSION: "1.27.1"
TF_VERSION: "1.12.2"
type: boolean
default: true

jobs:
deploy:
name: Software Bill of Materials
sbom:
if: ${{ inputs.run }}
runs-on: ubuntu-latest
permissions:
actions: read
contents: write
contents: write # needed if you want SBOMs uploaded to Releases
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v5

- name: Setup Python 3.13
uses: actions/setup-python@v5
uses: actions/setup-python@v6
with:
python-version: "3.13"

- name: Setup Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: "1.12.2"

- uses: terraform-linters/setup-tflint@ae78205cfffec9e8d93fd2b3115c7e9d3166d4b6
name: Setup TFLint

- name: Set architecture variable
id: os-arch
run: |
case "${{ runner.arch }}" in
X64) ARCH="amd64" ;;
ARM64) ARCH="arm64" ;;
esac
echo "arch=${ARCH}" >> $GITHUB_OUTPUT

- name: Download and setup Syft
run: |
DOWNLOAD_URL="https://github.com/anchore/syft/releases/download/v${{ env.SYFT_VERSION }}/syft_${{ env.SYFT_VERSION }}_linux_${{ steps.os-arch.outputs.arch }}.tar.gz"
echo "Downloading: ${DOWNLOAD_URL}"

curl -L -o syft.tar.gz "${DOWNLOAD_URL}"
tar -xzf syft.tar.gz
chmod +x syft

# Add to PATH for subsequent steps
echo "$(pwd)" >> $GITHUB_PATH

- name: Create SBOM
run: bash scripts/create-sbom.sh terraform python tflint
- name: Setup TFLint
uses: terraform-linters/setup-tflint@ae78205cfffec9e8d93fd2b3115c7e9d3166d4b6

- name: Upload SBOM as artifact
uses: actions/upload-artifact@v4
# Base SBOM for repo (SPDX JSON). Also uploaded as a workflow artifact.
- name: Generate SBOM (repo)
uses: anchore/sbom-action@v0
with:
name: sbom
path: sbom.json
path: .
format: spdx-json
output-file: sbom.spdx.json