* Add bom generation script
This commit adds a script in scripts/sbom.sh that generates
the SBOM for the release adding three kinds of elements to it:
1. The source code with full dependencies
2. The tarball distrubutions written in _dist
3. The container image
The SBOM is written into the _dist directory.
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
* Generate SBOM from build workflow
This commit modifies the build pipeline to generate an SPDX SBOM
describing the release. It uses the new bom-installer action to
install the Kubernetes SBOM Tool into the runner and calls the
scripts/sbom.sh script which handles the generation.
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
* Modify release pipeline to properly include SBOM
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Co-authored-by: Josh Dolitsky <josh@dolit.ski>
- update to Go 1.15.7
- add release artifacts script (copied from Helm)
- add KEYS file containing maintainer signing keys
- update Makefile to follow Helm release process
- update dependencies (including auth and storage)
- rename masterHandler to rootHandler
- add get-chartmuseum script (based on get-helm-3 script)
- remove unused scripts and make targets for old release process
- modify README with new install instructions and docker image
- rename scripts to use dashes vs underscores
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
