test(BUILD-1563): release

SonarSource · May 6, 2022 · 5a35879 · 5a35879
1 parent 403e4c2
commit 5a35879
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 23 deletions.
diff --git a/.github/workflows/test-action.yml b/.github/workflows/test-action.yml
@@ -2,10 +2,7 @@ name: Test action
 on:
   pull_request:
   push:
-#    branches:
-#      - '**'
-    tags-ignore:
-      - '**'
+    branches: [ '**' ]
   release:
     types:
       - created
@@ -24,8 +21,9 @@ jobs:
           image: alpine:latest
           filename: test-action-bom.json
           upload-artifact: true
-          upload-release-assets: ${{ contains(github.ref, 'test') }}
+          upload-release-assets: true
         env:
+          GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
           GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
           GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }}
       - run: |

diff --git a/.github/workflows/test-workflow.yml b/.github/workflows/test-workflow.yml
@@ -16,10 +16,11 @@ jobs:
       image: alpine:latest
       filename: test-workflow-bom.json
       upload-artifact: true
-      upload-release-assets: ${{ contains(github.ref, 'test') }}
+      upload-release-assets: true
     secrets:
       GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
       GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }}
+#      GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
   test2-workflow:
     name: Test SonarSource/gh-action_sbom on alpine:latest
     uses: ./.github/workflows/workflow.yml

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
@@ -34,8 +34,13 @@ on:
     secrets:
       GPG_PRIVATE_KEY_PASSPHRASE:
         required: false
+        description: "Required when 'upload-artifact' is true"
       GPG_PRIVATE_KEY_BASE64:
         required: false
+        description: "Required when 'upload-artifact' is true"
+#      GITHUB_TOKEN:
+#        required: ${{ upload-release-assets }}
+#        description: "Required when 'upload-release-assets' is true"
 
 jobs:
   sbom:
@@ -72,7 +77,16 @@ jobs:
           path: |
             ${{ inputs.filename }}
             ${{ inputs.filename }}.asc
-      - uses: anchore/sbom-action/[email protected]
-        if: inputs.upload-release-assets
+#      - uses: anchore/sbom-action/[email protected]
+#        if: inputs.upload-release-assets
+#        with:
+#          sbom-artifact-match: "${{ inputs.filename }}(.asc)?"
+      - name: Upload binaries to release
+        if: inputs.upload-release-assets && startsWith(github.ref, 'refs/tags/')
+        uses: svenstaro/upload-release-action@v2
         with:
-          sbom-artifact-match: "${{ inputs.filename }}(.asc)?"
+          repo_token: ${{ github.token }}
+          file_glob: true
+          file: "${{ inputs.filename }}?(.asc)"
+          tag: ${{ github.ref }}
+          overwrite: true
diff --git a/README.md b/README.md
@@ -103,6 +103,17 @@ git update-ref -m "reset: update branch v1 to tag 1.0.0" refs/heads/v1 1.0.0
 git push origin v1
 ```
 
+## FAQ
+
+### Warning Unexpected input
+
+> ```
+> Warning: Unexpected input(s) 'upload-artifact', 'upload-release-assets', 
+> valid inputs are ['path', 'image', 'registry-username', 'registry-password', 'format', 'github-token', 'artifact-name', 'output-file', 'syft-version', 'dependency-snapshot']
+> ```
+
+The warning can be ignored, see anchore/sbom-action#269
+
 ## References
 
 [Xtranet/RE/Artifact Management#GitHub Actions](https://xtranet-sonarsource.atlassian.net/wiki/spaces/RE/pages/872153170/Artifact+Management#GitHub-Actions)

diff --git a/action.yml b/action.yml
@@ -55,18 +55,16 @@ runs:
         path: |
           ${{ inputs.filename }}
           ${{ inputs.filename }}.asc
-    - uses: anchore/sbom-action/[email protected]
-      if: inputs.upload-release-assets == 'true'
-      with:
-        sbom-artifact-match: "${{ inputs.filename }}.asc"
-#        sbom-artifact-match: "${{ inputs.filename }}(.asc)?"
-#    - name: Upload binaries to release
-#    if: github.event.release.created == 'true' && inputs.upload-release-assets == 'true'
-#      uses: svenstaro/upload-release-action@v2
+#    - uses: anchore/sbom-action/[email protected]
+#      if: inputs.upload-release-assets == 'true'
 #      with:
-#        repo_token: ${{ secrets.GITHUB_TOKEN }}
-#        file_glob: true
-#        file: "${{ inputs.filename }}?(.asc)"
-#        tag: ${{ github.ref }}
-#        overwrite: true
-
+#        sbom-artifact-match: "${{ inputs.filename }}(.asc)?"
+    - name: Upload binaries to release
+      if: inputs.upload-release-assets == 'true' && env.GITHUB_TOKEN && startsWith(github.ref, 'refs/tags/')
+      uses: svenstaro/upload-release-action@v2
+      with:
+        repo_token: ${{ env.GITHUB_TOKEN }}
+        file_glob: true
+        file: "${{ inputs.filename }}?(.asc)"
+        tag: ${{ github.ref }}
+        overwrite: true