ci: add dependency track support
parent
e44180e13e
commit
636af4b812
2 changed files with 28 additions and 6 deletions
|
@ -48,3 +48,31 @@ jobs:
|
|||
- name: Sonarqube End
|
||||
run: |
|
||||
dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
|
||||
dependency-track:
|
||||
needs: build-server
|
||||
runs-on: ubuntu-latest
|
||||
if: gitea.ref == 'refs/heads/master'
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Setup dotnet
|
||||
uses: https://github.com/actions/setup-dotnet@v3
|
||||
with:
|
||||
dotnet-version: 7.0
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
dotnet restore
|
||||
echo "::add-path::$HOME/.dotnet/tools"
|
||||
- name: Setup Dependency Track Dependencies
|
||||
run: |
|
||||
dotnet tool install --global CycloneDX
|
||||
- name: Generate SBOM
|
||||
run: |
|
||||
dotnet CycloneDX -o bom.xml
|
||||
- name: Upload SBOM
|
||||
uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
|
||||
with:
|
||||
apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
|
||||
url: ${{ secrets.DEPENDENCY_TRACK_URL }}
|
||||
project-name: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
|
||||
# project-version: ${{ secrets.DEPENDENCY_TRACK_PROJECT_VERSION }}
|
||||
bom: bom.xml
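Review bot: The `Upload SBOM` step hands `secrets.DEPENDENCY_TRACK_API_KEY` to a third-party action referenced by a mutable tag (`gh-upload-sbom@v2.0.1`), and `dotnet tool install --global CycloneDX` installs whatever version is current, so the code that receives the key and the tool that builds the SBOM can both change without a commit in this repository. Pin both, for example `uses: https://github.com/DependencyTrack/gh-upload-sbom@<full-commit-sha>` and `dotnet tool install --global CycloneDX --version <pinned-version>` (placeholders; take the values from the releases you have reviewed). In `Install dependencies`, `::add-path::` is a deprecated workflow command that GitHub's own runner has disabled; `echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"` is the supported form, though whether this Gitea runner still honours the old command is not visible from the hunk. `dotnet-version: 7.0` is also an unquoted YAML float and is safer written as `'7.0'`.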
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
sonar.projectKey=wonderking_continuity_AYeecUUTs-PH__JrTRky
|
||||
sonar.projectName=Continuity
|
||||
sonar.projectVersion=1.0
|
||||
sonar.sources=.
|
||||
sonar.language=cs
|
||||
sonar.exclude=Benchmarks/**,bin/**,obj/**,Properties/**,wwwroot/**
|