Skip to content

Dependencies and Licenses #84

Dependencies and Licenses

Dependencies and Licenses #84

name: Dependencies and Licenses
on:
release:
types:
- published
defaults:
run:
shell: bash
jobs:
generate-dependencies:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout Core Repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
with:
go-version: '~1.20'
- name: Install go-licence-detector
run: |
go install go.elastic.co/[email protected]
- name: Clean Go mod
run: go mod tidy
- name: Generate Dependencies and Licenses
run: go list -m -json all | go-licence-detector -includeIndirect -depsTemplate=.dependencies/templates/dependencies.csv.tmpl -depsOut=dependencies-and-licenses.txt
- name: Upload dependencies and licenses artifact
run: |
curl --request POST "https://uploads.github.com/repos/Dynatrace/dynatrace-configuration-as-code/releases/${{ github.event.release.id }}/assets?name=dependencies-and-licenses.txt" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--header "Content-Type: application/octet-stream" \
--fail \
--data-binary @dependencies-and-licenses.txt
- name: Generate SBOM in CycloneDX format
uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f #v2.0.0
with:
version: v1
args: app -licenses -main cmd/monaco/ -output sbom.xml
- name: Upload SBOM artifact
run: |
curl --request POST "https://uploads.github.com/repos/Dynatrace/dynatrace-configuration-as-code/releases/${{ github.event.release.id }}/assets?name=sbom.xml" \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--header "Content-Type: application/octet-stream" \
--fail \
--data-binary @sbom.xml