Skip to content

Gaction

Gaction #1

Workflow file for this run

# ********************************************************************************
# Copyright (c) 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made
# available under the terms of the Apache Software License 2.0
# which is available at https://www.apache.org/licenses/LICENSE-2.0.
#
# SPDX-License-Identifier: Apache-2.0
# ********************************************************************************
---
name: SignSBOM
on:
pull_request:
branches: [master]
paths:
- ".github/workflows/signsbom.yml"
- "cyclonedx-lib/**"
# Cancel existing runs if user makes another push.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
test_sbom_sign:
name: sign_sbom
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
# Build with jdk17 to ensure TemurinSignSBOM meets min compatibility
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
id: setup-java
with:
java-version: 17
distribution: 'temurin'
- name: Build TemurinSignSBOM.java
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml clean
ant -noinput -buildfile cyclonedx-lib/build.xml build-sign-sbom
ant -noinput -buildfile cyclonedx-lib/build.xml build
- name: Run TemurinSignSBOM Unit test
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml runSignAndVerifySBOM
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
name: Collect and Archive TemurinSignSBOM Artifacts
with:
name: testSBOM
path: cyclonedx-lib/build/testSBOM.json