Adds Software BOM to releases
Signed-off-by: Matthew Pope <[email protected]>
popematt committed Nov 18, 2022
1 parent ff91d4c commit 9531842
Showing 2 changed files with 8 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .github/workflows/publish-release-artifacts.yml
@@ -48,7 +48,7 @@ jobs:
submodules: recursive
- uses: gradle/gradle-build-action@v2
with:
arguments: build
arguments: build cyclonedxBom
- name: Upload Jar to GitHub release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -58,4 +58,5 @@ jobs:
# It may also need to be able to upload more than one file.
run: |
gh release upload "v$(<project.version)" "build/libs/ion-java-$(<project.version).jar"
gh release upload "v$(<project.version)" "build/reports/bom.json"
# TODO: Add `publish-to-maven-central` job
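Review bot: The added upload in the `run` block publishes the SBOM under the fixed asset name `bom.json`, so once downloaded the file name no longer says which release it describes, unlike the versioned jar next to it. Copying it to a versioned name first keeps the two paired, e.g. `cp build/reports/bom.json "build/reports/ion-java-$(<project.version)-bom.json"`, and then uploading that file. Neither asset gets a checksum or signature in the visible steps, so a consumer cannot verify that the jar and the SBOM came from the same build; publishing a digest file alongside them would close that gap. The rest of the job lies outside the hunks shown.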
6 changes: 6 additions & 0 deletions build.gradle.kts
@@ -7,6 +7,7 @@ plugins {
`maven-publish`
jacoco
signing
id("org.cyclonedx.bom") version "1.7.2"
// TODO: static analysis. E.g.:
// id("com.diffplug.spotless") version "6.11.0"
// id("com.github.spotbugs") version "4.8.0"
@@ -107,6 +108,11 @@ tasks {
withType<Sign> {
setOnlyIf { isReleaseVersion && gradle.taskGraph.hasTask("publish") }
}

cyclonedxBom {
setIncludeConfigs(listOf("runtimeClasspath"))
setSkipConfigs(listOf("compileClasspath", "testCompileClasspath"))
}
}

publishing {
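Review bot: The `cyclonedxBom` block leaves the output location, name and format at the plugin's defaults, while the release workflow in this same commit hard-codes `build/reports/bom.json`. If a plugin upgrade changes a default, the release would most likely fail or ship without an SBOM. Pinning them here makes the contract explicit: `setDestination(project.file("build/reports"))`, `setOutputName("bom")`, `setOutputFormat("json")`, with a comment such as `// Path is consumed by .github/workflows/publish-release-artifacts.yml`. Also, because `setIncludeConfigs` already limits the BOM to `runtimeClasspath`, the `setSkipConfigs` line looks redundant; a short comment stating why both are set (or dropping one) would make the intended scope clear. The enclosing `tasks { … }` block starts outside the hunk.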