mirror of
https://github.com/helm/chartmuseum.git
synced 2026-02-05 15:45:50 +01:00
* Add bom generation script

  This commit adds a script in scripts/sbom.sh that generates the SBOM for the release adding three kinds of elements to it:

  1. The source code with full dependencies
  2. The tarball distributions written in _dist
  3. The container image

  The SBOM is written into the _dist directory.

  Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>

* Generate SBOM from build workflow

  This commit modifies the build pipeline to generate an SPDX SBOM describing the release. It uses the new bom-installer action to install the Kubernetes SBOM Tool into the runner and calls the scripts/sbom.sh script which handles the generation.

  Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>

* Modify release pipeline to properly include SBOM

  Signed-off-by: Josh Dolitsky <josh@dolit.ski>

Co-authored-by: Josh Dolitsky <josh@dolit.ski>