Skip to content

2.15.0

2.15.0 #99

name: Dependencies and Licenses
on:
release:
types:
- published
defaults:
run:
shell: bash
jobs:
generate-dependencies:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout Core Repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 #v5.0.2
with:
go-version: '~1.22'
- name: Install go-licence-detector
run: |
go install go.elastic.co/[email protected]
- name: Clean Go mod
run: go mod tidy
- name: Generate Dependencies and Licenses
run: go list -m -json all | go-licence-detector -includeIndirect -depsTemplate=.dependencies/templates/dependencies.csv.tmpl -depsOut=dependencies-and-licenses.txt
- name: Upload dependencies and licenses artifact
run: |
curl --request POST "https://uploads.github.com/repos/Dynatrace/dynatrace-configuration-as-code/releases/${{ github.event.release.id }}/assets?name=dependencies-and-licenses.txt" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--header "Content-Type: application/octet-stream" \
--fail \
--data-binary @dependencies-and-licenses.txt
- name: Install cyclonedx-gomod
run: go install github.com/CycloneDX/cyclonedx-gomod/cmd/[email protected]
- name: Generate SBOM in CycloneDX format
run: cyclonedx-gomod app -licenses -assert-licenses -json -main cmd/monaco/ -output sbom.cdx.json
- name: Upload SBOM artifact
run: |
curl --request POST "https://uploads.github.com/repos/Dynatrace/dynatrace-configuration-as-code/releases/${{ github.event.release.id }}/assets?name=sbom.cdx.json" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--header "Content-Type: application/octet-stream" \
--fail \
--data-binary @sbom.cdx.json