From 636af4b812a684ba3b6b49d707c0b934b2c4aa38 Mon Sep 17 00:00:00 2001
From: Timothy Schenk
Date: Wed, 1 Nov 2023 20:24:19 +0100
Subject: [PATCH] ci: add dependency track support
---
 .gitea/workflows/server.yaml | 28 ++++++++++++++++++++++++++++
 sonar-project.properties | 6 ------
 2 files changed, 28 insertions(+), 6 deletions(-)
 delete mode 100644 sonar-project.properties
diff --git a/.gitea/workflows/server.yaml b/.gitea/workflows/server.yaml
index f37fc69..37a0061 100644
--- a/.gitea/workflows/server.yaml
+++ b/.gitea/workflows/server.yaml
@@ -48,3 +48,31 @@ jobs:
 - name: Sonarqube End
 run: |
 dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
+ dependency-track:
+ needs: build-server
+ runs-on: ubuntu-latest
+ if: gitea.ref == 'refs/heads/master'
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup dotnet
+ uses: https://github.com/actions/setup-dotnet@v3
+ with:
+ dotnet-version: 7.0
+ - name: Install dependencies
+ run: |
+ dotnet restore
+ echo "::add-path::$HOME/.dotnet/tools"
+ - name: Setup Dependency Track Dependencies
+ run: |
+ dotnet tool install --global CycloneDX
+ - name: Generate SBOM
+ run: |
+ dotnet CycloneDX -o bom.xml
+ - name: Upload SBOM
+ uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
+ with:
+ apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+ url: ${{ secrets.DEPENDENCY_TRACK_URL }}
+ project-name: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
+# project-version: ${{ secrets.DEPENDENCY_TRACK_PROJECT_VERSION }}
+ bom: bom.xml
diff --git a/sonar-project.properties b/sonar-project.properties
deleted file mode 100644
index b79b0c5..0000000
--- a/sonar-project.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-sonar.projectKey=wonderking_continuity_AYeecUUTs-PH__JrTRky
-sonar.projectName=Continuity
-sonar.projectVersion=1.0
-sonar.sources=.
-sonar.language=cs
-sonar.exclude=Benchmarks/**,bin/**,obj/**,Properties/**,wwwroot/**
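Review bot: The new `dependency-track` job passes `DEPENDENCY_TRACK_API_KEY` to code that is resolved from mutable references at run time. The `Upload SBOM` step uses `gh-upload-sbom@v2.0.1`, a tag that can be re-pointed, and `dotnet tool install --global CycloneDX` installs whatever version is current on the feed. Pin both, for example `uses: https://github.com/DependencyTrack/gh-upload-sbom@<full-commit-sha>  # v2.0.1` and `dotnet tool install --global CycloneDX --version <pinned-version>`; the same reasoning applies to `setup-dotnet@v3` in this job. Separately, the `Install dependencies` step relies on the `::add-path::` workflow command, which GitHub's runner disabled because any text printed to stdout could alter PATH. If the Gitea runner supports the environment file, `echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"` is the safer form.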