Skip to content
SignSBOM

build(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1 #183

Sign in to view logs

build(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1

build(deps): bump actions/upload-artifact from 3.1.3 to 4.3.1 #183

Workflow file for this run

.github/workflows/signsbom.yml at 26f6b66
---
name: SignSBOM
on:
pull_request:
branches: [master]
paths:
- ".github/workflows/signsbom.yml"
- "cyclonedx-lib/**"
# Cancel existing runs if user makes another push.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
test_sbom_sign:
name: sign_sbom
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
# Build with jdk17 to ensure TemurinSignSBOM meets min compatibility
- uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4.1.0
id: setup-java
with:
java-version: 17
distribution: 'temurin'
- name: Build TemurinSignSBOM.java
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml clean
ant -noinput -buildfile cyclonedx-lib/build.xml build-sign-sbom
ant -noinput -buildfile cyclonedx-lib/build.xml build
- name: Run TemurinSignSBOM Unit test
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml runSignAndVerifySBOM
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
name: Collect and Archive TemurinSignSBOM Artifacts
with:
name: testSBOM
path: cyclonedx-lib/build/testSBOM.json