Open puerco opened 4 months ago
/assign
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
What would you like to be added:
Given sufficient credentials and permissions (i.e. a GITHUB_TOKEN), we should add a flag to bom generate to push the resulting SBOM to a GitHub release. For example:
bom generate . --release-push[=[org/repo@]v1.0.2]
If nothing is specified, we can infer the org/repo and tag from the Go import path and by checking if the HEAD commit is tagged.
Why is this needed:
This would simplify the CI workflows using bom and would also take care of other nagging smaller problems such as naming the SBOM correctly.
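One way the proposed flag value could be resolved, as an added sketch that is not code from the bom project: `Target`, `ResolveTarget` and `repoFromImportPath` are hypothetical names, only github.com import paths are handled, and the example org/repo values are constructed. It refuses to pick a release when no tag is given and HEAD is untagged, so an SBOM is never attached to a release it does not describe.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Target is the GitHub release an SBOM would be attached to (hypothetical type).
type Target struct {
	Repo string // "org/repo"
	Tag  string // e.g. "v1.0.2"
}

// repoFromImportPath maps "github.com/org/repo[/...]" to "org/repo".
func repoFromImportPath(importPath string) (string, error) {
	parts := strings.Split(importPath, "/")
	if len(parts) < 3 || parts[0] != "github.com" || parts[1] == "" || parts[2] == "" {
		return "", fmt.Errorf("cannot infer org/repo from import path %q", importPath)
	}
	return parts[1] + "/" + parts[2], nil
}

// ResolveTarget interprets the value of the proposed --release-push flag:
// "", "v1.0.2" or "org/repo@v1.0.2". importPath (the Go module path) and
// headTag (the tag pointing at HEAD, "" if none) are the fallbacks.
func ResolveTarget(spec, importPath, headTag string) (Target, error) {
	repo, tag := "", spec
	if i := strings.LastIndex(spec, "@"); i >= 0 {
		repo, tag = spec[:i], spec[i+1:]
		if strings.Count(repo, "/") != 1 || strings.HasPrefix(repo, "/") || strings.HasSuffix(repo, "/") {
			return Target{}, fmt.Errorf("invalid org/repo %q", repo)
		}
	}
	if tag == "" {
		tag = headTag // nothing specified: use the tag on HEAD, if any
	}
	if tag == "" {
		return Target{}, errors.New("no tag given and HEAD is not tagged")
	}
	if repo == "" {
		var err error
		if repo, err = repoFromImportPath(importPath); err != nil {
			return Target{}, err
		}
	}
	return Target{Repo: repo, Tag: tag}, nil
}

func main() {
	// Constructed inputs: module path and HEAD tag a CI job would supply.
	fmt.Println(ResolveTarget("", "github.com/example-org/example-repo/v2", "v1.0.2"))
}
```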