Reapply "ci: add generating sbom to build workflow (#201)"

mreiger · mreiger · commit 93754e1fcd70 · 2025-06-27T16:31:55.000+02:00
This reverts commit 33ed45d.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -64,11 +64,25 @@ jobs:
       run: |
         make
 
+    - name: Generate SBOM for binary
+      uses: anchore/sbom-action@v0
+      env:
+        SBOM_NAME: sbom.json
+      with:
+        path: ./bin/
+        format: spdx-json
+        artifact-name: ${{ env.SBOM_NAME }}
+        output-file: ./bin/${{ env.SBOM_NAME }}1
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
     - name: Push Docker image
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
       with:
         context: .
         push: true
+        sbom: true
         tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}
 
     - name: Upload image tarballs to GCS
@@ -83,6 +97,7 @@ jobs:
         token: ${{ secrets.GITHUB_TOKEN }}
         files: |
           bin/firewall-controller*
+          bin/sbom.json
       if: ${{ github.event_name == 'release' }}
 
   test:
