From 82d28fc30cee496a1e636a96d930ce8d03df1b53 Mon Sep 17 00:00:00 2001
From: Andre Vieira
Date: Mon, 25 Mar 2024 11:58:40 +0000
Subject: [PATCH] fix(actions): static analysis on pre
---
 .github/workflows/prereleased.yaml | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/prereleased.yaml b/.github/workflows/prereleased.yaml
index 7b321d9..2d1b1d3 100644
--- a/.github/workflows/prereleased.yaml
+++ b/.github/workflows/prereleased.yaml
@@ -29,7 +29,7 @@ env:
 permissions:
 id-token: write
- contents: read
+ contents: write
 packages: read
@@ -204,3 +204,31 @@ jobs:
 git config user.name "Azory YData Bot"
 git commit -a -m "chore(bump): [CI] [DEV] bump ${{ env.COMPONENT }} package ${{ matrix.package }} to $VERSION"
 git push origin master
+
+
+ static-analysis:
+ name: Static Analysis
+ runs-on:
+ #- self-hosted
+ #- large
+ - ubuntu-22.04
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Create SBOM
+ uses: anchore/sbom-action@v0
+ with:
+ upload-artifact-retention: 1
+ format: cyclonedx-json
+ output-file: package-sbom.cyclonedx.json
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_S3_SBOMS_ROLE_ARN }}
+ aws-region: ${{ env.AWS_S3_REGION }}
+
+ - name: Copy SBOM to S3
+ run: |
+ aws s3 cp package-sbom.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/package-sbom.cyclonedx.json
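Review bot: In the first hunk (`@@ -29,7 +29,7 @@`), changing `contents: read` to `contents: write` in the workflow-level `permissions:` block hands a write-capable GITHUB_TOKEN to every job in the workflow, including jobs defined outside this hunk. The commit does not say which step needs it; presumably it is for the new `static-analysis` job, since anchore/sbom-action can attach the SBOM to a release and that needs write access. If so, keep `contents: read` here and grant the wider scope on that job only, with `permissions: {id-token: write, contents: write}` under `static-analysis:`; a job-level block replaces the workflow-level one rather than merging with it, so `id-token: write` has to be restated there for the AWS role assumption. If no step attaches release assets, the permission change can be dropped entirely.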
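Review bot: In the second hunk, the new `static-analysis` job references `anchore/sbom-action@v0` and `aws-actions/configure-aws-credentials@v4` by mutable tag, while the job requests an OIDC token for `secrets.AWS_S3_SBOMS_ROLE_ARN` and, with no `permissions:` block of its own, inherits the `contents: write` granted in the first hunk; a retagged release of either action would run with those privileges. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: anchore/sbom-action@<full-commit-sha>  # v0` (placeholder; take the SHA from the release you have reviewed). Separately, the upload key `s3://repos-sboms/${{ github.event.repository.name }}/package-sbom.cyclonedx.json` has no version component, so each run overwrites the previous SBOM unless bucket versioning is enabled (not visible here); adding `${{ github.sha }}` or the release tag to the key keeps one SBOM per build. `env.AWS_S3_REGION` is read from an `env:` block outside the hunk, so confirm it is defined there.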