patch: add an option to not generate sbom

product-os / flowzone

Reusable, opinionated, zero-conf workflows for GitHub actions

https://flowzone.pages.dev

Apache License 2.0

15 stars 5 forks source link

patch: add an option to not generate sbom #1097

Closed aethernet closed 3 months ago

aethernet commented 3 months ago

SBOM generation is failing for some repository with some specific configuration.

This PR adds a global flowzone parameter to turn off sbom generation (on by default) and will continue-on-error.

klutchell commented 3 months ago

Should we also add continue-on-error: true to the steps that can fail under some conditions?

That way sbom generation is best effort for now, and doesn't require being manually disabled for some repos. The error will still get raised in the job summary but won't fail the job.

aethernet commented 3 months ago

good call

I've added it, but will keep the option to disable as there might be repositories where we don't want any sbom created.