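---
# Builds a CycloneDX SBOM of the repository with Syft, uploads it to a
# Dependency-Track server, and keeps a copy as a workflow artifact.
#
# Security notes for maintainers:
#   * The Dependency-Track API key used to be written in clear text in this
#     file. A key that has been committed stays in the git history (and in
#     every fork), so it must be revoked in Dependency-Track and replaced.
#   * DTRACK_API_KEY is a placeholder secret name: create the repository
#     secret under that name (or rename it here) with the replacement key.
name: Generate SBOM

on:
  push:
    branches:
      - main
  pull_request:

# Least privilege: nothing in this workflow writes to the repository.
permissions:
  contents: read

jobs:
  generate-sbom:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): tags such as v3 are mutable; pin third-party actions to
      # a full commit SHA once the intended release has been chosen.
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # Later steps run a downloaded installer; do not leave the job
          # token in the checkout's git config for them to read.
          persist-credentials: false

      # NOTE(review): this pipes a script from the mutable `main` branch of
      # another repository straight into sh. Prefer a pinned Syft release
      # whose checksum is verified before it is executed.
      - name: Set up Syft
        run: |
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh

      - name: Generate CycloneDX SBOM
        run: |
          ./bin/syft . -o cyclonedx-json > sbom.json

      # Only push builds on main publish to Dependency-Track: pull requests
      # from forks do not receive secrets, and an SBOM built from unreviewed
      # PR content should not replace the project's BOM.
      #
      # NOTE(review): the endpoint is plain HTTP on a hard-coded IP, so the
      # API key and the SBOM cross the network unencrypted. Put the server
      # behind TLS and switch this URL to https:// when that is available.
      - name: Upload SBOM to Dependency-Track
        if: github.event_name == 'push'
        env:
          DTRACK_API_KEY: ${{ secrets.DTRACK_API_KEY }}
        # --fail makes an HTTP error (for example 401 for a bad key) fail the
        # step instead of passing silently.
        run: |
          curl --fail --silent --show-error \
            -X "POST" "http://34.46.105.78:8080/api/v1/bom" \
            -H "X-Api-Key: ${DTRACK_API_KEY}" \
            -H "Content-Type: multipart/form-data" \
            -F "project=d2f9cf45-e514-4039-a666-4ae157245879" \
            -F "bom=@sbom.json"

      # NOTE(review): GitHub has deprecated the v3 artifact actions; confirm
      # the supported major version, upgrade, and pin it to a commit SHA.
      - name: Upload SBOM artifact
        uses: actions/upload-artifact@v3
        with:
          name: sbom
          path: sbom.json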