kuma

1
name: "Build bom and licenses"
2
on:
3
  workflow_dispatch: {}
4
  schedule:
5
    - cron: 0 3 * * *
6
permissions: read-all
7
jobs:
8
  sbom:
9
    timeout-minutes: 10
10
    runs-on: ubuntu-latest
11
    steps:
12
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
13
      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
14
        with:
15
          go-version-file: go.mod
16
      - uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2.0.0
17
        with:
18
          version: v1
19
          args: mod -licenses -json -output licenses.json
20
      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
21
        with:
22
          name: licenses
23
          path: |
24
            licenses.json
25