[APIPUB-58] Change version for Download SBOM step (#63)

* [APIPUB-58] Change version for Download SBOM step * Update on-prerelease.yml * [APIPUB-58] Fix SBOM Upload Update steps to upload SBOM File
Ed-Fi-Alliance-OSS · Jul 10, 2024 · 9b51cbc · 9b51cbc
1 parent 464cb31
commit 9b51cbc
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/.github/workflows/on-prerelease.yml b/.github/workflows/on-prerelease.yml
@@ -113,7 +113,8 @@ jobs:
         shell: pwsh
         run: |
           $packageName = "${{ env.PACKAGE_NAME }}"
-
+          $version = "${{ needs.pack.outputs.data-import-version }}"
+          
           $url = "https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64"
           $out = "$($env:RUNNER_TEMP)/sbom-tool"
           Invoke-RestMethod -Uri $url -OutFile $out
@@ -122,24 +123,24 @@ jobs:
           Get-ChildItem -Include "$packageName.*.nupkg" -Recurse | ForEach-Object { $_.FullName } > buildfilelist.txt
           New-Item -Path manifest -Type Directory
 
-          $version = "${{ needs.pack.outputs.api-pub-version }}"
+          dotnet tool install --global Microsoft.Sbom.DotNetTool
 
-          &$out generate `
+          sbom-tool generate `
               -b ./ `
               -bl ./buildfilelist.txt `
               -bc "./src/EdFi.Tools.ApiPublisher.Cli" `
               -pn "$packageName" `
               -pv $version `
               -nsb https://ed-fi.org `
-              -m manifest `
+              -m ./ `
               -ps "Ed-Fi Alliance"
 
       - name: Upload SBOM
         if: success()
         uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
         with:
           name: ${{ env.PACKAGE_NAME }}-SBOM
-          path: ./manifest
+          path: ${{ env.MANIFEST_FILE }}
           if-no-files-found: error
           retention-days: 30
 
@@ -148,7 +149,7 @@ jobs:
         shell: bash
         run: |
           # sha256sum returns "<hashcode>  <name of file". Split that and return only the <hashcode>.
-          sbom_hash=$(sha256sum ./manifest/${{ env.MANIFEST_FILE }} | awk '{split($0,a); print a[1]}')
+          sbom_hash=$(sha256sum ./${{ env.MANIFEST_FILE }} | awk '{split($0,a); print a[1]}')
           echo "sbom-hash-code=$sbom_hash" >> $GITHUB_OUTPUT
 
   sbom-attach: