Skip to content

Capture CycloneDX JAR SHAs in SBoM #143

Capture CycloneDX JAR SHAs in SBoM

Capture CycloneDX JAR SHAs in SBoM #143

Workflow file for this run

---
name: SignSBOM
on:
pull_request:
branches: [master]
paths:
- ".github/workflows/signsbom.yml"
- "cyclonedx-lib/**"
# Cancel existing runs if user makes another push.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
test_sbom_sign:
name: sign_sbom
runs-on: ubuntu-latest
container:
image: adoptopenjdk/centos7_build_image
strategy:
fail-fast: false
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# Build with jdk17 to ensure TemurinSignSBOM meets min compatibility
- uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
id: setup-java
with:
java-version: 17
distribution: 'temurin'
- name: Build TemurinSignSBOM.java
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml clean
ant -noinput -buildfile cyclonedx-lib/build.xml build-sign-sbom
ant -noinput -buildfile cyclonedx-lib/build.xml build
- name: Run TemurinSignSBOM Unit test
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml runSignAndVerifySBOM
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
name: Collect and Archive TemurinSignSBOM Artifacts
with:
name: testSBOM
path: cyclonedx-lib/build/testSBOM.json