stephen/harbor-ci-cd-demo
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Debug sbom upload
All checks were successful
CI/CD Pipeline - Build, Test, and Deploy / 🏗️ Build & Push Image (push) Successful in 13s
Details
CI/CD Pipeline - Build, Test, and Deploy / 🧹 Cleanup (push) Successful in 1s
Details

Browse Source
This commit is contained in:
stephenminakian
2025-07-03 09:17:46 -06:00
parent f50017c650
commit 86eba16061
1 changed files with 10 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
.gitea/workflows/ci-cd.yml
View File

@ -139,26 +139,19 @@ jobs:
echo "SBOM generated successfully" echo "SBOM generated successfully"
- name: Install ORAS CLI - name: Upload SBOM to Harbor
run: | run: |
ORAS_VERSION="1.2.3" # Install ORAS
curl -LO https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz curl -LO https://github.com/oras-project/oras/releases/download/v1.1.0/oras_1.1.0_linux_amd64.tar.gz
tar -xzf oras_${ORAS_VERSION}_linux_amd64.tar.gz oras tar -xzf oras_1.1.0_linux_amd64.tar.gz
chmod +x oras sudo mv oras /usr/local/bin/
mv oras /usr/local/bin/oras
# Push SBOM as an artifact to Harbor
- name: Upload SBOM to Harbor via ORAS oras push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-sbom \
run: |
IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
# Authenticate (ensure $HARBOR_USERNAME and $HARBOR_TOKEN are exported already)
echo "${{ secrets.HARBOR_TOKEN }}" | oras login ${{ env.REGISTRY }} -u '${{ secrets.HARBOR_USERNAME }}' --password-stdin
# Push the SBOM attached to the image
oras push $IMAGE \
--artifact-type application/spdx+json \ --artifact-type application/spdx+json \
--subject $IMAGE \
sbom.spdx.json:application/spdx+json sbom.spdx.json:application/spdx+json
echo "SBOM uploaded successfully to Harbor"
# Job 4: Image Security Scan # Job 4: Image Security Scan
# scan: # scan: