Merge pull request #23 from depot/gha-updates

GHA updates
depot · Oct 6, 2023 · 27b0203 · 27b0203
2 parents 22a7a48 + 0852cc6
commit 27b0203
Showing 1 changed file with 58 additions and 13 deletions.
diff --git a/content/integrations/github-actions.mdx b/content/integrations/github-actions.mdx
@@ -11,8 +11,10 @@ toc:
     headings:
       - name: Option 1 - Build and push action
         id: option-1--depot-build-and-push-action
-      - name: Option 2 - Depot CLI
-        id: option-2--depot-cli
+      - name: Option 2 — Depot bake action
+        id: option-2--depot-bake-action
+      - name: Option 3 - Depot CLI
+        id: option-3--depot-cli
   - name: Examples
     id: examples
     headings:
@@ -44,7 +46,8 @@ import {DocsTOC} from '~/components/DocsTOC'
       id: 'configuration',
       headings: [
         {name: 'Option 1 - Build and push action', id: 'option-1--depot-build-and-push-action'},
-        {name: 'Option 2 - Depot CLI', id: 'option-2--depot-cli'},
+        {name: 'Option 2 — Depot bake action', id: 'option-2--depot-bake-action'}
+        {name: 'Option 3 - Depot CLI', id: 'option-3--depot-cli'},
       ],
     },
     {
@@ -116,17 +119,16 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v3
-      # The depot CLI still needs to be available in your workflow
-      - uses: depot/setup-action@v1
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+
       - uses: depot/build-push-action@v1
         with:
           # if no depot.json file is at the root of your repo, you must specify the project id
           project: <your-depot-project-id>
-          context: .
-          push: true
-          tags: |
-            ...
           # Pass project token or user access token if you're not using OIDC token authentication
           token: ${{ secrets.DEPOT_TOKEN }}
 ```
@@ -148,7 +150,8 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v3
 
-      - uses: depot/setup-action@v1
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
 
       - name: Bake Docker images
         uses: depot/bake-action@v1
@@ -169,8 +172,12 @@ jobs:
   build:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
-      - uses: depot/setup-action@v1
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+
       - run: depot build --project <your-project-id> --push --tag repo/image:tag .
         env:
           DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
@@ -471,3 +478,41 @@ jobs:
       - name: Run integration test with built container
         run: ...
 ```
+
+### Build an image with Software Bill of Materials
+
+Build an image with a Software Bill of Materials (SBOM) using the `sbom` and `sbom-dir` inputs. The `sbom` input will generate an SBOM for the image, and the `sbom-dir` input will output the SBOM to the specified directory. You can then use the `actions/upload-artifact` action to upload the SBOM directory as a build artifact.
+
+```yaml
+name: Build an image with SBOM
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  docker-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+
+      - name: Build and load
+        uses: depot/build-push-action@v1
+        with:
+          # if no depot.json file is at the root of your repo, you must specify the project id
+          project: <your-depot-project-id>
+          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          sbom: true
+          sbom-dir: ./sbom-output
+
+      - name: upload SBOM directory as a build artifact
+        uses: actions/[email protected]
+        with:
+          path: ./sbom-output
+          name: 'SBOM'
+```