ci: add dependency track support

.gitea/workflows/server.yaml

@@ -48,3 +48,31 @@ jobs:
       - name: Sonarqube End
         run: |
           dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
+  dependency-track:
+    needs: build-server
+    runs-on: ubuntu-latest
+    if: gitea.ref == 'refs/heads/master'
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup dotnet
+        uses: https://github.com/actions/setup-dotnet@v3
+        with:
+          dotnet-version: 7.0
+      - name: Install dependencies
+        run: |
+          dotnet restore
+          echo "::add-path::$HOME/.dotnet/tools"
+      - name: Setup Dependency Track Dependencies
+        run: |
+          dotnet tool install --global CycloneDX
+      - name: Generate SBOM
+        run: |
+          dotnet CycloneDX -o bom.xml
+      - name: Upload SBOM
+        uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
+        with:
+          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
+          url: ${{ secrets.DEPENDENCY_TRACK_URL }}
+          project-name: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
+#          project-version: ${{ secrets.DEPENDENCY_TRACK_PROJECT_VERSION }}
+          bom: bom.xml

sonar-project.properties

@@ -1,6 +0,0 @@
-sonar.projectKey=wonderking_continuity_AYeecUUTs-PH__JrTRky
-sonar.projectName=Continuity
-sonar.projectVersion=1.0
-sonar.sources=.
-sonar.language=cs
-sonar.exclude=Benchmarks/**,bin/**,obj/**,Properties/**,wwwroot/**