
Commit 8ee22cd

authored
Create regenerate-all-sboms.yml
1 parent 192feed commit 8ee22cd

1 file changed

Lines changed: 128 additions & 0 deletions


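--- a/regenerate-all-sboms.yml
+++ b/regenerate-all-sboms.yml
@@ -0,0 +1,128 @@
+# Regenerates all SBOMs for all published EPPlus versions using specVersion 1.6.
+# Triggered manually via workflow_dispatch.
+name: Regenerate All SBOMs
+
+on:
+workflow_dispatch:
+
+jobs:
+sbom:
+runs-on: windows-latest
+strategy:
+matrix:
+version:
+- 7.3.0
+- 7.3.1
+- 7.3.2
+- 7.4.0
+- 7.4.1
+- 7.4.2
+- 7.5.0
+- 7.5.1
+- 7.5.2
+- 7.5.3
+- 7.6.0
+- 7.6.1
+- 7.7.0
+- 7.7.1
+- 7.7.2
+- 7.7.3
+- 8.0.1
+- 8.0.2
+- 8.0.3
+- 8.0.4
+- 8.0.5
+- 8.0.6
+- 8.0.7
+- 8.0.8
+- 8.1.0
+- 8.1.1
+- 8.2.0
+- 8.2.1
+- 8.3.0
+- 8.3.1
+- 8.4.0
+- 8.4.1
+- 8.4.2
+- 8.5.0
+# Allow other versions to continue if one fails
+fail-fast: false
+steps:
+- uses: actions/checkout@v4
+with:
+ref: release/epplus${{ matrix.version }}
+
+- name: Fetch sbom-metadata-template.xml from develop8
+run: |
+git fetch origin develop8
+git checkout origin/develop8 -- src/EPPlus/sbom-metadata-template.xml
+shell: pwsh
+
+- name: Setup .NET
+uses: actions/setup-dotnet@v4
+with:
+dotnet-version: |
+9.0.x
+10.0.x
+
+- name: Read target frameworks from csproj
+run: |
+$xml = [xml](Get-Content ./src/EPPlus/EPPlus.csproj)
+$tfms = $xml.Project.PropertyGroup.TargetFrameworks | Where-Object { $_ } | Select-Object -First 1
+echo "VERSION=${{ matrix.version }}" >> $env:GITHUB_ENV
+echo "TFMS=$tfms" >> $env:GITHUB_ENV
+shell: pwsh
+
+- name: Restore dependencies
+run: dotnet restore ./src/EPPlus.sln
+
+- name: Install CycloneDX
+run: dotnet tool install --global CycloneDX
+
+- name: Generate combined SBOM
+run: dotnet CycloneDX ./src/EPPlus/EPPlus.csproj -o ./sbom -F Json -st Library -sv ${{ env.VERSION }} -fn epplus-${{ env.VERSION }}.sbom.json -imp ./src/EPPlus/sbom-metadata-template.xml --spec-version 1.6
+
+- name: Generate per-TFM SBOMs
+run: |
+$tfms = "${{ env.TFMS }}" -split ";"
+foreach ($tfm in $tfms) {
+$tfm = $tfm.Trim()
+if ([string]::IsNullOrEmpty($tfm)) { continue }
+Write-Host "Generating SBOM for $tfm"
+dotnet CycloneDX ./src/EPPlus/EPPlus.csproj -o ./sbom -F Json -st Library -sv ${{ env.VERSION }} -fn "epplus-${{ env.VERSION }}.$tfm.sbom.json" -imp ./src/EPPlus/sbom-metadata-template.xml --framework $tfm --spec-version 1.6
+}
+shell: pwsh
+
+- name: Generate SHA-256 checksums for all SBOMs
+run: |
+Get-ChildItem -Path "./sbom" -Filter "*.sbom.json" | ForEach-Object {
+$hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
+"$hash $($_.Name)" | Out-File -FilePath "$($_.FullName).sha256" -Encoding utf8NoBOM
+Write-Host "Checksum generated for $($_.Name): $hash"
+}
+shell: pwsh
+
+- name: Authenticate to Azure
+uses: Azure/login@v2
+with:
+creds: '{"clientId":"${{ secrets.EPPLUS_CODE_SIGNING_APPLICATION_ID }}","clientSecret":"${{ secrets.EPPLUS_CODE_SIGNING_SECRET }}","subscriptionId":"${{ secrets.EPPLUS_CODE_SIGNING_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.EPPLUS_CODE_SIGNING_TENENT_ID }}"}'
+
+- name: Upload all SBOMs to Azure Blob Storage
+run: |
+Get-ChildItem -Path "./sbom" | ForEach-Object {
+Write-Host "Uploading $($_.Name)"
+az storage blob upload `
+--account-name eppluswebprod `
+--container-name sbom `
+--name $_.Name `
+--file $_.FullName `
+--auth-mode login `
+--overwrite
+}
+shell: pwsh
+
+- name: Upload all SBOMs as artifact
+uses: actions/upload-artifact@v4
+with:
+name: sbom-${{ matrix.version }}
+path: ./sbom/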
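Review bot: The `Authenticate to Azure` step logs in with a long-lived `clientSecret` whose secret names (`EPPLUS_CODE_SIGNING_*`) suggest it belongs to the code-signing application, so a job that only needs to write blobs to the `sbom` container may be carrying a much broader credential. If that reading is right, a dedicated identity scoped to that one container would fit better, preferably via OIDC federation instead of a stored secret, all the more because the upload step passes `--overwrite` against already-published SBOMs. The same job runs `dotnet tool install --global CycloneDX` with no `--version` and references actions by mutable tag (`Azure/login@v2`, `actions/checkout@v4`, `actions/setup-dotnet@v4`, `actions/upload-artifact@v4`), so pinning the tool version and the action commit SHAs would make the regenerated SBOMs reproducible and fix what code runs in a job that holds the credential. In the `run:` steps, `${{ env.TFMS }}` (read from the checked-out csproj) and `${{ env.VERSION }}` are expanded into the script text before PowerShell parses it; reading `$env:TFMS` and `$env:VERSION` inside the script keeps file content out of the script body. A top-level `permissions:` block with `contents: read` would also make the workflow token's scope explicit.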
