feature/143-aii-eft-delivery Pin SBOM version to 1.4

puzzle · Oct 25, 2024 · 517408d · 517408d
1 parent 784625e
commit 517408d
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/.github/workflows/release-docker-image.yml b/.github/workflows/release-docker-image.yml
@@ -130,9 +130,17 @@ jobs:
           name: 'cyclonedx-cli'
           version: '0.27.1'
 
+      - name: Convert SBOMs to v1.4
+        run: |
+          cyclonedx-cli convert --input-file application-sbom.xml --output-file application-sbom.xml --output-format xml --output-version v1_4
+          cyclonedx-cli convert --input-file shibboleth-sp-sbom.xml --output-file shibboleth-sp-sbom.xml --output-format xml --output-version v1_4
+
       - name: Merge SBOMs
         run: cyclonedx-cli merge --input-files application-sbom.xml shibboleth-sp-sbom.xml target/bom.xml --output-file sbom.xml
 
+      - name: Debug
+        run: cyclonedx-cli analyze sbom.xml
+
       - name: Get semver version from pom and store major and minor version as deptrack version
         run: echo "DEPTRACK_PROJECT_VERSION=$(mvn org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout | cut -d '-' -f 1 | cut -d '.' -f 1-2).x" >> $GITHUB_ENV