From 0810b548379aa0d2c5d4d507adb35b2c8411496d Mon Sep 17 00:00:00 2001
From: Erik Bershel <110455084+erik-bershel@users.noreply.github.com>
Date: Mon, 12 Dec 2022 10:48:30 +0100
Subject: [PATCH] Update SBOM-workflow with new variable agentSpec (#6742)
---
 .github/workflows/create_sbom_report.yml | 48 ++++++------------------
 1 file changed, 11 insertions(+), 37 deletions(-)
diff --git a/.github/workflows/create_sbom_report.yml b/.github/workflows/create_sbom_report.yml
index 7bb644857..90836ec89 100644
--- a/.github/workflows/create_sbom_report.yml
+++ b/.github/workflows/create_sbom_report.yml
@@ -1,7 +1,7 @@
 name: Create and upload a SBOM to release assets
 # Inherited variables:
-# github.event.client_payload.imageLabel - AzDO image label
-# github.event.client_payload.GHreleaseID - Current release ID
+# github.event.client_payload.agentSpec - Current YAML Label
+# github.event.client_payload.ReleaseID - Current release ID
 # github.event.client_payload.imageVersion - AzDO image version "major.minor"
 # github.event.client_payload.ReleaseBranchName - Necessary to identify workflow run
 #
@@ -15,45 +15,19 @@ defaults:
 run:
 shell: pwsh
 jobs:
- #Converting image OS variable for the next steps
- initialize:
- runs-on: ubuntu-latest
- outputs:
- agent-spec: ${{ steps.converter.outputs.current-os }}
- steps:
- - name: Convert image label variable for ${{ github.event.client_payload.ReleaseBranchName }}
- id: converter
- run: |
- $imageLabel = "${{ github.event.client_payload.imageLabel }}"
- $currentOS = switch ($imageLabel) {
- 'ubuntu22' { "ubuntu-22.04" }
- 'ubuntu20' { "ubuntu-20.04" }
- 'ubuntu18' { "ubuntu-18.04" }
- 'win22' { "windows-2022" }
- 'win19' { "windows-2019" }
- 'macOS-12' { "macos-12" }
- 'macOS-11' { "macos-11" }
- default {
- echo "currentOS variable is undefined. Please check imageLabel."
- exit 1
- }
- }
- "current-os=$currentOS" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
 #Checking image version on available runner
 version-check:
- needs: initialize
- runs-on: ${{ needs.initialize.output.agent-spec }}
+ runs-on: ${{ github.event.client_payload.agentSpec }}
 steps:
 - name: Available image version check
 run: |
 if ($env:ImageVersion -ne '${{ github.event.client_payload.imageVersion }}') {
- echo "Error. Current runner $env:ImageVersion image version don't match ${{ github.event.client_payload.imageVersion }}."
- exit 1
+ throw "Current runner $env:ImageVersion image version don't match ${{ github.event.client_payload.imageVersion }}."
 }
 #Install and run SYFT, compress SBOM, upload it to release assets
 create-sbom:
- needs: [initialize, version-check]
- runs-on: ${{ needs.initialize.output.agent-spec }}
+ needs: version-check
+ runs-on: ${{ github.event.client_payload.agentSpec }}
 steps:
 #Installation section
 - name: Install SYFT tool on Windows
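Review bot: Both new `runs-on: ${{ github.event.client_payload.agentSpec }}` lines take the runner label verbatim from the dispatch payload, and the removed `initialize` job was the only place an unknown label was rejected. Whoever can send `repository_dispatch` now chooses the runner, which would include any self-hosted labels if the repository has them, and the same value reaches `asset_name` in the last hunk. A job-level guard on `version-check` keeps the allow-list without the extra job: `if: contains(fromJSON('["ubuntu-22.04","ubuntu-20.04", …]'), github.event.client_payload.agentSpec)`, listing the seven labels the removed switch produced; `create-sbom` is then skipped through `needs`. The added `throw` line also expands `client_payload.imageVersion` into the script text, so mapping it through the step's `env:` and reading it as `$env:` would keep payload content out of the PowerShell source. The `create-sbom` job continues past the end of this hunk.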
@@ -72,9 +46,9 @@ jobs:
 - name: Run SYFT on macOS
 if: ${{ runner.os == 'macOS' }}
 run: syft dir:/ -vv -o spdx-json=sbom.json --exclude ./Users --exclude ./System/Volumes --exclude ./private
- #Preparing artifact (raw SBOM.x.json is too big)
+ #Preparing artifact (raw SBOM.json is too big)
 - name: Compress SBOM file
- run: Compress-Archive sbom.json sbom.${{ github.event.client_payload.imageLabel }}.json.zip
+ run: Compress-Archive sbom.json sbom.json.zip
 #Upload release asset action
 #Might be changed to softprops/action-gh-release after additional check
 - name: Upload release asset
@@ -82,7 +56,7 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
- upload_url: "https://uploads.github.com/repos/actions/runner-images/releases/${{ github.event.client_payload.GHreleaseID }}/assets{?name,label}"
- asset_path: ./sbom.${{ github.event.client_payload.imageLabel }}.json.zip
- asset_name: sbom.${{ github.event.client_payload.imageLabel }}.json.zip
+ upload_url: "https://uploads.github.com/repos/actions/runner-images/releases/${{ github.event.client_payload.ReleaseID }}/assets{?name,label}"
+ asset_path: ./sbom.json.zip
+ asset_name: sbom.${{ github.event.client_payload.agentSpec }}.json.zip
 asset_content_type: application/zip
\ No newline at end of file