Skip to content
New issue

Have a question about this project?Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to ourterms of serviceand privacy statement.We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create Software Bill of Material (SBOM) as part of the release #22054

Open
wants to merge 1 commit into
base: 5.x-dev
Choose a base branch
from
Open

Create Software Bill of Material (SBOM) as part of the release #22054

wants to merge 1 commit into from
+12 −0

Conversation

LaurentGoderre
Copy link

Description:

Create an SBOM to include in the release to preserve dependency information.

POC here:
https://github /LaurentGoderre/sbom-ci-test
https://github /LaurentGoderre/sbom-ci-test/actions/runs/8452612627

Alternative to#22048

Review

@sgiehl sgiehl added the Needs Review PRs that need a code review label Mar 27, 2024
@sgiehl sgiehl requested a review froma team March 27, 2024 14:09
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 5, 2024

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added the Stale The label used by the Close Stale Issues action label Apr 5, 2024
@sgiehl sgiehl mentioned this pull request Apr 15, 2024
Closed
11 tasks
@michalkleiner
Copy link
Contributor

How can we test this? We'd need to merge it and then see what happens on the next release? Or do a draft PR just with the SBOM generation and test that by running the action manually without all the actual release stuff?

@github-actions github-actions bot removed the Stale The label used by the Close Stale Issues action label Apr 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added the Stale The label used by the Close Stale Issues action label Apr 24, 2024
@LaurentGoderre
Copy link
Author

@michalkleinerI can do a demo on my fork.

@github-actions github-actions bot removed the Stale The label used by the Close Stale Issues action label Apr 25, 2024
@michalkleiner michalkleiner added the Do not close PRs with this label won't be marked as stale by the Close Stale Issues action label Apr 28, 2024
@LaurentGoderre
Copy link
Author

@michalkleinerI created a release in my fork but the file doesn't make it to the end package

@LaurentGoderre
Copy link
Author

@michalkleinerfixed. You can see it in action here:https://github /LaurentGoderre/matomo/releases

@michalkleiner
Copy link
Contributor

Thanks for the link@LaurentGoderre.

I'll put the JSON the tool generates here from one of your release archives. I'm not sure if things like github actions should be included, what can be configured, what should or shouldn't be in the SBOM.

Maybe we need to have a discussion with @matomo-org/core-reviewers on this.

matomo.spdx.json

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 9, 2024

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels May 9, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels May 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels May 25, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 2, 2024

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Jun 2, 2024
@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Aug 4, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Aug 12, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Aug 20, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Aug 28, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 5, 2024

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Sep 5, 2024
@LaurentGoderre
Copy link
Author

@mneudertcould I please get some help moving this along?

@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Sep 13, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Sep 21, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Sep 29, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 7, 2024

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Oct 7, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions github-actions bot added Stale The label used by the Close Stale Issues action and removed Stale The label used by the Close Stale Issues action labels Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michalkleiner michalkleiner michalkleiner requested changes

@sgiehl sgiehl sgiehl left review comments

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
Do not close PRs with this label won't be marked as stale by the Close Stale Issues action Needs Review PRs that need a code review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@LaurentGoderre @michalkleiner @rr-it @sgiehl