Skip to content

feat: add SBOM generation and attestation to GitHub workflow #17277

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 7, 2025
Merged

feat: add SBOM generation and attestation to GitHub workflow #17277

merged 1 commit into from
Apr 7, 2025

Conversation

ThomasK33
Copy link
Member

@ThomasK33 ThomasK33 commented Apr 7, 2025
edited
Loading

Move SBOM generation and attestation to GitHub workflow

This PR moves the SBOM generation and attestation process from the build_docker.sh script to the GitHub workflow. The change:

  1. Removes SBOM generation and attestation from the build_docker.sh script
  2. Adds a new "SBOM Generation and Attestation" step in the GitHub workflow
  3. Generates and attests SBOMs for both multi-arch images and latest tags when applicable

This approach ensures SBOM generation happens once for the final multi-architecture image rather than for each architecture separately.

Change-Id: I2e15d7322ddec933bbc9bd7880abba9b0842719f
Signed-off-by: Thomas Kosiewski tk@coder.com

@ThomasK33 ThomasK33 requested a review from matifali April 7, 2025 12:14
@ThomasK33 Graphite App
Copy link
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ThomasK33 ThomasK33 marked this pull request as ready for review April 7, 2025 12:14
matifali
matifali approved these changes Apr 7, 2025
View reviewed changes
Copy link
Member

@matifali matifali left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we also add this to ci.yaml so that we can have it for preview releases too.

@ThomasK33 ThomasK33 force-pushed the thomask33/04-07-feat_add_sbom_generation_and_attestation_to_github_workflow branch from c7e6be1 to 26ee58a Compare April 7, 2025 14:53
@ThomasK33 ThomasK33 requested a review from matifali April 7, 2025 14:53
@ThomasK33 Graphite App
Copy link
Member Author

This will now also upload the json sbom files as part of the release.
We might not want this, but I think it'll make them more accessible and visible to customers.

matifali
matifali approved these changes Apr 7, 2025
View reviewed changes
@ThomasK33
feat: add SBOM generation and attestation to GitHub workflow
e3ff60a 
Change-Id: I2e15d7322ddec933bbc9bd7880abba9b0842719f
Signed-off-by: Thomas Kosiewski <tk@coder.com>
@ThomasK33 ThomasK33 force-pushed the thomask33/04-07-feat_add_sbom_generation_and_attestation_to_github_workflow branch from 26ee58a to e3ff60a Compare April 7, 2025 14:59
@ThomasK33 ThomasK33 requested a review from matifali April 7, 2025 14:59
matifali
matifali approved these changes Apr 7, 2025
View reviewed changes
Copy link
Member

@matifali matifali left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢 it

@ThomasK33 ThomasK33 merged commit f48a24c into main Apr 7, 2025
38 checks passed
@ThomasK33 ThomasK33 deleted the thomask33/04-07-feat_add_sbom_generation_and_attestation_to_github_workflow branch April 7, 2025 15:54
@github-actions github-actions bot locked and limited conversation to collaborators Apr 7, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@matifali matifali matifali approved these changes

Assignees

@ThomasK33 ThomasK33

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ThomasK33 @matifali