feat: add new operation to list security advisories (#311) #152
Workflow file for this run

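---
# Builds a CycloneDX SBOM for the project on every push to main (or on demand
# for a chosen ref) and ingests it into the Eclipse Dependency-Track instance.
# The ingest job only runs for the canonical repository.
name: Generate and ingest SBOM into sbom.eclipse.org

# `on` is a YAML 1.1 boolean for generic parsers; GitHub's loader treats it as
# the trigger key. Suppress the linter rather than rename it.
# yamllint disable-line rule:truthy
on:
  push:
    branches: [main]
  workflow_dispatch:
    inputs:
      version:
        description: 'Git ref (branch, tag or SHA) to check out and build the SBOM for'
        default: 'main'
        required: true

# Least privilege: nothing here writes to the repository. The upload to
# Dependency-Track authenticates with a dedicated API key from secrets,
# not with GITHUB_TOKEN, so read access to contents is all that is needed.
permissions:
  contents: read

jobs:
  generate-sbom:
    runs-on: ubuntu-latest
    steps:
      # Every action is pinned to a commit SHA (version kept as a comment) so a
      # moved or force-pushed tag cannot change what runs in this workflow.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Empty on push events (checkout then falls back to the triggering
          # ref); on workflow_dispatch this is the caller-supplied ref.
          ref: ${{ github.event.inputs.version }}
      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: '3.12'
      - name: Install cyclonedx-py
        # NOTE(review): unlike the SHA-pinned actions above, this resolves the
        # latest cyclonedx-bom from PyPI at run time. The SBOM generator is part
        # of the supply chain it documents; pin a version (cyclonedx-bom==x.y.z,
        # ideally with hashes) once the project has settled on one.
        run: pipx install cyclonedx-bom
      - name: Generate sbom
        run: cyclonedx-py poetry --with main,app -o otterdog-bom.json
      - name: Upload sbom
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: otterdog-bom.json
          path: otterdog-bom.json

  upload-sbom:
    # Forks must not ingest SBOMs into the Eclipse instance (and do not hold
    # the API key anyway); gate on the repository name, not on the secret.
    if: github.repository == 'eclipse-csi/otterdog'
    runs-on: ubuntu-latest
    needs: [generate-sbom]
    steps:
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: otterdog-bom.json
      - name: Extract version
        id: version
        # Explicit bash so the step runs with `-e -o pipefail` and any failure
        # below (missing file, bad JSON, rejected value) fails the job.
        shell: bash
        run: |
          # `jq -e` exits non-zero when the field is missing or null, so a
          # malformed SBOM fails here instead of creating a project version "null".
          VERSION="$(jq -er '.metadata.component.version' < otterdog-bom.json)"
          # The value is appended to GITHUB_OUTPUT and becomes the Dependency-Track
          # project version. Restrict it to a plain version-like token so that a
          # newline or other metacharacter in the SBOM cannot inject extra step
          # outputs or an unexpected project version.
          if [[ ! "${VERSION}" =~ ^[A-Za-z0-9._+-]+$ ]]; then
            printf '%s\n' "unexpected component version in SBOM: ${VERSION}" >&2
            exit 1
          fi
          echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
      - uses: DependencyTrack/gh-upload-sbom@48feab3080ff9e8f51f4d21861d9fc914eb744f5 # v3.1.0
        with:
          serverHostname: 'sbom.eclipse.org'
          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
          projectName: 'otterdog'
          # Validated above; taken from the SBOM so the uploaded version always
          # matches the component that was actually built.
          projectVersion: ${{ steps.version.outputs.version }}
          bomFilename: "otterdog-bom.json"
          parentName: 'otterdog'
          parentVersion: 'parent'
          autoCreate: true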