Tweak string management
vpetersson committed Oct 1, 2024
1 parent 1aaf98a commit e164d0b
Showing 1 changed file with 38 additions and 26 deletions.
64 changes: 38 additions & 26 deletions .github/workflows/phase_1_python.yml
Expand Up @@ -37,11 +37,13 @@ jobs:
run: |
/tmp/trivy image \
--format cyclonedx \
--pkg-types os \
--output /tmp/container-sbom.cdx.json \
phase-1-python
/tmp/trivy image \
--format spdx-json \
--pkg-types os \
--output /tmp/container-sbom.spdx.json \
phase-1-python
Expand Down Expand Up @@ -116,62 +118,69 @@ jobs:
- name: Augment Container CycloneDX - document
run: |
/tmp/sbomasm edit --subject Document \
--author ${SBOM_AUTHOR} \
--supplier ${SBOM_SUPPLIER} \
/tmp/sbomasm edit \
--subject Document \
--author "$SBOM_AUTHOR" \
--supplier "$SBOM_SUPPLIER" \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
--license 'Apache-2.0' \
container-sbom-cyclonedx/container-sbom.cdx.json > /tmp/augmented_container-sbom.cdx.tmp
- name: Augment Container CycloneDX - component
run: |
/tmp/sbomasm edit --subject primary-component \
/tmp/sbomasm edit \
--subject primary-component \
--name phase1-python-application \
--author ${SBOM_AUTHOR} \
--supplier ${SBOM_SUPPLIER} \
--version ${GITHUB_SHA} \
--author "$SBOM_AUTHOR" \
--supplier "$SBOM_SUPPLIER" \
--version "$GITHUB_SHA" \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
--license 'Apache-2.0' \
/tmp/augmented_container-sbom.cdx.tmp > /tmp/augmented_container-sbom.cdx.json
- name: Augment Application CycloneDX - document
run: |
/tmp/sbomasm edit --subject Document \
/tmp/sbomasm edit \
--subject Document \
--name phase1-python-application \
--author ${SBOM_AUTHOR} \
--supplier ${SBOM_SUPPLIER} \
--author "$SBOM_AUTHOR" \
--supplier "$SBOM_SUPPLIER" \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
--lifecycle source \
--license 'Apache-2.0' \
application-sbom-cyclonedx/application-sbom.cdx.json > /tmp/augmented_application-sbom.cdx.tmp
- name: Augment Application CycloneDX - component
run: |
/tmp/sbomasm edit --subject primary-component \
/tmp/sbomasm edit \
--subject primary-component \
--name phase1-python-application \
--author ${SBOM_AUTHOR} \
--supplier ${SBOM_SUPPLIER} \
--version ${GITHUB_SHA} \
--author "$SBOM_AUTHOR" \
--supplier "$SBOM_SUPPLIER" \
--version "$GITHUB_SHA" \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
--license 'Apache-2.0' \
/tmp/augmented_application-sbom.cdx.tmp >/tmp/augmented_application-sbom.cdx.json
- name: Augment Container SPDX - document
run: |
/tmp/sbomasm edit --append --subject Document \
/tmp/sbomasm edit \
--append \
--subject Document \
--name phase1-python-application \
--author ${SBOM_AUTHOR} \
--supplier ${SBOM_SUPPLIER} \
--author "$SBOM_AUTHOR" \
--supplier "$SBOM_SUPPLIER" \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
--lifecycle source \
--license 'Apache-2.0' \
container-sbom-spdx/container-sbom.spdx.json > /tmp/augmented_container-sbom.spdx.tmp
- name: Augment Container SPDX - component
run: |
/tmp/sbomasm edit --subject primary-component \
/tmp/sbomasm edit \
--subject primary-component \
--name phase1-python-application \
--author ${SBOM_AUTHOR} \
--author "$SBOM_AUTHOR" \
--supplier ${SBOM_SUPPLIER} \
--version ${GITHUB_SHA} \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
Expand All @@ -180,22 +189,25 @@ jobs:
- name: Augment Application SPDX - document
run: |
/tmp/sbomasm edit --append --subject Document \
/tmp/sbomasm edit \
--append \
--subject Document \
--name phase1-python-application \
--author ${SBOM_AUTHOR} \
--supplier ${SBOM_SUPPLIER} \
--author "$SBOM_AUTHOR" \
--supplier "$SBOM_SUPPLIER" \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
--lifecycle source \
--license 'Apache-2.0' \
application-sbom-spdx/application-sbom.spdx.json > /tmp/augmented_application-sbom.spdx.tmp
- name: Augment Application SPDX - component
run: |
/tmp/sbomasm edit --subject primary-component \
/tmp/sbomasm edit \
--subject primary-component \
--name phase1-python-application \
--author ${SBOM_AUTHOR} \
--supplier ${SBOM_SUPPLIER} \
--version ${GITHUB_SHA} \
--author "$SBOM_AUTHOR" \
--supplier "$SBOM_SUPPLIER" \
--version "$GITHUB_SHA" \
--repository 'https:/CISA-SBOM-Community/SBOM-Generation' \
--license 'Apache-2.0' \
/tmp/augmented_application-sbom.spdx.tmp > /tmp/enriched_application-sbom.spdx.json
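Review bot: In the `Augment Container SPDX - component` step only `--author` was converted; `--supplier ${SBOM_SUPPLIER}` and `--version ${GITHUB_SHA}` are still unquoted there, so if the supplier value contains spaces or glob characters the shell word-splits it and sbomasm receives the extra words as separate arguments, leaving the container SPDX component record inconsistent with the other SBOMs. Change those two lines to `--supplier "$SBOM_SUPPLIER" \` and `--version "$GITHUB_SHA" \` so the step matches the other seven. The rest of that step sits in the collapsed region between the second and third hunks, so its remaining arguments and output redirect could not be checked from this page. Separately, every step passes `--repository 'https:/CISA-SBOM-Community/SBOM-Generation'`, which has a single slash and no host; that string is written into each SBOM as given and presumably should be a full repository URL, so it is worth confirming and correcting in the same pass.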