ci: add support for SBOM generation in Docker CI workflow

2025-12-12 17:59:48 +01:00 · 2025-03-15 10:18:17 +01:00
parent 1851664c96
commit 208e6e60fc
1 changed files with 3 additions and 0 deletions
--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -96,6 +96,7 @@ jobs:
            ghcr.io/scito/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
          provenance: true
+          sbom: true
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}

@@ -218,6 +219,7 @@ jobs:
            ghcr.io/scito/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
          provenance: true
+          sbom: true
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
          build-args: |
@@ -346,6 +348,7 @@ jobs:
            docker.io/scit0/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
          provenance: true
+          sbom: true
          push: ${{ github.secret_source == 'Actions' }}

      - name: Image digest