ci: SBOM for releases

Add source bill of materials (SBOM) generation in goreleaser config.
sylabs · Mar 30, 2022 · bafd11f · bafd11f
1 parent 3dcab2e
commit bafd11f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -87,6 +87,9 @@ jobs:
     executor: golang-latest
     steps:
       - checkout
+      - run:
+          name: Install syft
+          command: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
       - run:
           name: Test Release
           command: curl -sL https://git.io/goreleaser | bash -s -- --snapshot --skip-publish
@@ -95,6 +98,9 @@ jobs:
     executor: golang-latest
     steps:
       - checkout
+      - run:
+          name: Install syft
+          command: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
       - run:
           name: Publish Release
           command: curl -sL https://git.io/goreleaser | bash

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -65,3 +65,6 @@ archives:
   - id: linux-archives
     builds:
       - linux-builds
+
+sboms:
+  - artifacts: archive