diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 4813cc73b..05250bf8e 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -23,7 +23,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -32,6 +32,19 @@ jobs: id: build-artifacts run: poetry build + - name: Generate SBOM + id: generate-sbom + run: | + pip install cyclonedx-bom + cyclonedx-py environment -o bom.cdx.json + curl -L https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.32.0/cyclonedx-linux-x64 -o cyclonedx + chmod +x cyclonedx + ./cyclonedx convert \ + --input-file bom.cdx.json \ + --input-format json \ + --output-file bom.spdx.json \ + --output-format spdxjson + - name: Publish Release to PyPi id: publish-release-to-pypi env: @@ -48,3 +61,4 @@ jobs: --title ${GITHUB_REF_NAME} --notes-file ./doc/changes/changes_${GITHUB_REF_NAME}.md dist/* + bom.spdx.json diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml index 2191c3057..0e3971ab1 100644 --- a/.github/workflows/check-release-tag.yml +++ b/.github/workflows/check-release-tag.yml @@ -21,7 +21,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 2c0dc355e..d247a7e29 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml 
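Review bot: The `Generate SBOM` step added to `.github/workflows/build-and-publish.yml` downloads the cyclonedx-cli binary with `curl -L`, marks it executable and runs it with no integrity check, in the job whose next step publishes the release to PyPI. A version tag does not fix the content of a release asset, so verify it against a pinned digest: `curl -fsSL https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.32.0/cyclonedx-linux-x64 -o cyclonedx` followed by `echo "<EXPECTED_SHA256>  cyclonedx" | sha256sum -c -`, where the digest is a placeholder to be recorded from the v0.32.0 asset. Adding `-f` also makes the step fail on an HTTP error instead of saving the error body as `cyclonedx`. The identical step in `exasol/toolbox/templates/github/workflows/build-and-publish.yml` needs the same change, and there it would presumably be copied into every project generated from the template.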
@@ -20,7 +20,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -48,7 +48,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -75,7 +75,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -113,7 +113,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -141,7 +141,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -173,7 +173,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" 
@@ -196,7 +196,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -219,7 +219,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -242,7 +242,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 62cbc9c53..2945c41ee 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -35,7 +35,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/fast-tests.yml b/.github/workflows/fast-tests.yml index ac7faa679..3958495e7 100644 --- a/.github/workflows/fast-tests.yml +++ b/.github/workflows/fast-tests.yml @@ -25,7 +25,7 @@ jobs: fetch-depth: 0 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" 
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 134be7f44..ff05877bf 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -22,7 +22,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index c0476ae0c..de338684a 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -28,7 +28,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index 621a6447d..5df42e9e6 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -24,7 +24,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/exasol/toolbox/templates/github/workflows/build-and-publish.yml b/exasol/toolbox/templates/github/workflows/build-and-publish.yml index e5119e6c7..9d9f184dd 100644 --- a/exasol/toolbox/templates/github/workflows/build-and-publish.yml +++ b/exasol/toolbox/templates/github/workflows/build-and-publish.yml 
@@ -31,6 +31,19 @@ jobs: id: build-artifacts run: poetry build + - name: Generate SBOM + id: generate-sbom + run: | + pip install cyclonedx-bom + cyclonedx-py environment -o bom.cdx.json + curl -L https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.32.0/cyclonedx-linux-x64 -o cyclonedx + chmod +x cyclonedx + ./cyclonedx convert \ + --input-file bom.cdx.json \ + --input-format json \ + --output-file bom.spdx.json \ + --output-format spdxjson + - name: Publish Release to PyPi id: publish-release-to-pypi env: @@ -47,3 +60,4 @@ jobs: --title ${GITHUB_REF_NAME} --notes-file ./doc/changes/changes_${GITHUB_REF_NAME}.md dist/* + bom.spdx.json
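Review bot: In the template's `Generate SBOM` step, `pip install cyclonedx-bom` is unpinned and `cyclonedx-py environment` is called without naming an interpreter, so the SBOM describes whichever environment pip installed the tool into. That environment then contains cyclonedx-bom and its own dependencies, and if the Poetry setup action keeps the project in a separate virtualenv (not visible in this diff) the published `bom.spdx.json` may not list the package's real dependencies at all. Pin the generator, e.g. `pip install cyclonedx-bom==<PINNED_VERSION>`, and build the SBOM from the project itself, e.g. `cyclonedx-py poetry -o bom.cdx.json`, or pass the project virtualenv's Python to `environment`. The same step in `.github/workflows/build-and-publish.yml` is affected.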