try sbom action

elabftw · Jun 1, 2023 · 306d3cf · 306d3cf
1 parent 619577f
commit 306d3cf
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/.github/workflows/build_hypernext.yaml b/.github/workflows/build_hypernext.yaml
@@ -8,6 +8,10 @@ on:
     schedule:
       - cron: "42 01 * * *"
 
+## GITHUB_TOKEN authentication
+permissions:
+  contents: write
+
 jobs:
     buildandpush:
         runs-on: ubuntu-latest
@@ -64,6 +68,15 @@ jobs:
                 vuln-type: 'os,library'
                 severity: 'CRITICAL,HIGH'
 
+            - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+              uses: aquasecurity/trivy-action@master
+              with:
+                scan-type: 'fs'
+                format: 'github'
+                output: 'dependency-results.sbom.json'
+                image-ref: '.'
+                github-pat: ${{ secrets.GITHUB_TOKEN }}
+
               # This ugly bit is necessary if you don't want your cache to grow forever
               # till it hits GitHub's limit of 5GB.
               # Temp fix

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Container image version
 # Note: the version here is from `ELABIMG_VERSION` present in Dockerfile, not the tagged one
 
+# 4.3.0
+
+* Add php81-iconv package required by LdapRecord dependency
+
 # 4.2.1
 
 * Make 404 page lighter

diff --git a/Dockerfile b/Dockerfile
@@ -108,7 +108,7 @@ RUN abuild-keygen -n -a && abuild && find /home/builder/packages -type f -name '
 FROM alpine:3.16
 
 # this is versioning for the container image
-ENV ELABIMG_VERSION=4.2.1
+ENV ELABIMG_VERSION=4.3.0
 
 # the target elabftw version is passed with --build-arg
 # it is a mandatory ARG