From 8a5aab7a0699442c7bb98612273442747ce107f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Pupier?= <apupier@redhat.com>
Date: Fri, 19 Jan 2024 15:43:48 +0100
Subject: [PATCH] FUSETOOLS2-2272 - Generate SBom and store it as GitHub
 Workflow artifact
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Pupier <apupier@redhat.com>
---
 .github/workflows/ci.yaml         | 11 +++++++++++
 .github/workflows/main-kaoto.yaml |  1 +
 2 files changed, 12 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 331f0d05..6998d37a 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -45,6 +45,17 @@ jobs:
       with:
         name: 'vscode-kaoto-vsix'
         path: '*.vsix'
+    - name: Generate SBOM
+      if: matrix.os == 'ubuntu-latest'
+      run: |
+          npm install --global @cyclonedx/cyclonedx-npm
+          cyclonedx-npm --omit dev --output-file manifest.json
+    - name: Store SBOM
+      uses: actions/upload-artifact@v4
+      if: matrix.os == 'ubuntu-latest'
+      with:
+        name: sbom
+        path: manifest.json
     - name: Store VS Code logs
       uses: actions/upload-artifact@v4
       if: always()
diff --git a/.github/workflows/main-kaoto.yaml b/.github/workflows/main-kaoto.yaml
index 08c0900a..69c73746 100644
--- a/.github/workflows/main-kaoto.yaml
+++ b/.github/workflows/main-kaoto.yaml
@@ -60,6 +60,7 @@ jobs:
       with:
         name: vsix-from-main-branch-of-kaoto
         path: 'vscode-kaoto/*.vsix'
+
     - name: Store VS Code logs
       uses: actions/upload-artifact@v4
       if: always()