Skip to content

fix: foss scan (#168) #22

fix: foss scan (#168)

fix: foss scan (#168) #22

Workflow file for this run

# SPDX-License-Identifier: MIT
name: release
on:
push:
# run only against tags
tags:
- 'v*'
permissions:
contents: write
id-token: write
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Login to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- run: git fetch --force --tags
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: '1.22.5'
# - name: Synopsys Detect
# run: |
# GITHUB_REF="$(echo $GITHUB_REF_NAME | tr ':/' '_')"
# BLACKDUCK_SCAN_VERSION_NAME="${GITHUB_REF}_${GITHUB_SHA}"
# export BLACKDUCK_SCAN_VERSION_NAME
# # create the tmp directory as we also do during the release process
# mkdir -p tmp
# ./hack/foss-scan.sh
# mv tmp/Black_Duck_Notices_Report.txt tmp/3RD_PARTY_LICENSES.txt
# env:
# BLACKDUCK_URL: ${{ secrets.BLACKDUCK_URL }}
# BLACKDUCK_PROJECT_NAME: ${{ secrets.BLACKDUCK_PROJECT_NAME }}
# BLACKDUCK_TOKEN: ${{ secrets.BLACKDUCK_TOKEN }}
- name: SBOM
run: make sbom
- name: release
run: make release
env:
GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}