mirror of
https://github.com/kairos-io/kairos-agent.git
synced 2025-10-22 03:49:31 +00:00
robot: Add SBOM artifacts to CI pipelines (#998)
* 🤖 Add image-sbom target Signed-off-by: mudler <mudler@c3os.io> * 🤖 Add image-sbom to main targets Signed-off-by: mudler <mudler@c3os.io> * 🤖 Add SBOM artifacts to pipelines Signed-off-by: mudler <mudler@c3os.io> --------- Signed-off-by: mudler <mudler@c3os.io>
This commit is contained in:
Ettore Di Giacinto
committed by
Itxaka
Itxaka
parent
b6bd105880
commit
8759d62259
17
Earthfile
17
Earthfile
@@ -36,12 +36,14 @@ ARG IMAGE_REPOSITORY_ORG=quay.io/kairos
|
||||
|
||||
all:
|
||||
BUILD +docker
|
||||
BUILD +image-sbom
|
||||
BUILD +iso
|
||||
BUILD +netboot
|
||||
BUILD +ipxe-iso
|
||||
|
||||
all-arm:
|
||||
BUILD --platform=linux/arm64 +docker
|
||||
BUILD +image-sbom
|
||||
BUILD +arm-image
|
||||
|
||||
go-deps:
|
||||
@@ -196,6 +198,21 @@ lint:
|
||||
BUILD +shellcheck-lint
|
||||
BUILD +yamllint
|
||||
|
||||
syft:
|
||||
FROM anchore/syft:latest
|
||||
SAVE ARTIFACT /syft syft
|
||||
|
||||
image-sbom:
|
||||
FROM +docker
|
||||
WORKDIR /build
|
||||
COPY +version/VERSION ./
|
||||
ARG VERSION=$(cat VERSION)
|
||||
ARG FLAVOR
|
||||
COPY +syft/syft /usr/bin/syft
|
||||
RUN syft / -o json=sbom.syft.json -o spdx-json=sbom.spdx.json
|
||||
SAVE ARTIFACT /build/sbom.syft.json sbom.syft.json AS LOCAL core-${FLAVOR}-${VERSION}-sbom.syft.json
|
||||
SAVE ARTIFACT /build/sbom.spdx.json sbom.spdx.json AS LOCAL core-${FLAVOR}-${VERSION}-sbom.spdx.json
|
||||
|
||||
luet:
|
||||
FROM quay.io/luet/base:$LUET_VERSION
|
||||
SAVE ARTIFACT /usr/bin/luet /luet
|
||||
|
||||
Reference in New Issue
Block a user