Added workflow to create SBOMs for BlueChi

eclipse-bluechi / bluechi

Eclipse BlueChi is a systemd service controller intended for multi-node environments with a predefined number of nodes and with a focus on highly regulated ecosystems such as those requiring functional safety.

https://bluechi.readthedocs.io/en/latest/

GNU Lesser General Public License v2.1

130 stars 37 forks source link

Added workflow to create SBOMs for BlueChi #890

Closed engelmi closed 4 months ago

engelmi commented 4 months ago

By using sbom4rpms (an early version) on the built BlueChi RPMs, runtime dependencies can be resolved, collected and put into SPDX or CycloneDX SBOM format. This PR adds a new workflow to generate those. It is triggered only manually for now since it takes quite a while to finish (~15min) on a publish GitHub runner.

Example run with bluechi-sboms as artifact: GH Action: https://github.com/engelmi/bluechi/actions/runs/8801089769 Artifacts: bluechi-sboms.zip

coveralls commented 4 months ago

coverage: 84.588%. remained the same when pulling 340b9d1f6c44f05d110fcff83498674d1eba956a on engelmi:add-sbom-workflow into cc4214e7ecaffe76f8884724c616ad89b4cbc541 on eclipse-bluechi:main.