diff --git a/content/integrations/github-actions.mdx b/content/integrations/github-actions.mdx index f792b47..09bb6a5 100644 --- a/content/integrations/github-actions.mdx +++ b/content/integrations/github-actions.mdx @@ -11,8 +11,10 @@ toc: headings: - name: Option 1 - Build and push action id: option-1--depot-build-and-push-action - - name: Option 2 - Depot CLI - id: option-2--depot-cli + - name: Option 2 — Depot bake action + id: option-2--depot-bake-action + - name: Option 3 - Depot CLI + id: option-3--depot-cli - name: Examples id: examples headings: @@ -44,7 +46,8 @@ import {DocsTOC} from '~/components/DocsTOC' id: 'configuration', headings: [ {name: 'Option 1 - Build and push action', id: 'option-1--depot-build-and-push-action'}, - {name: 'Option 2 - Depot CLI', id: 'option-2--depot-cli'}, + {name: 'Option 2 — Depot bake action', id: 'option-2--depot-bake-action'} + {name: 'Option 3 - Depot CLI', id: 'option-3--depot-cli'}, ], }, { @@ -116,17 +119,16 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v3 - # The depot CLI still needs to be available in your workflow - - uses: depot/setup-action@v1 + - name: Checkout repo + uses: actions/checkout@v3 + + - name: Set up Depot CLI + uses: depot/setup-action@v1 + - uses: depot/build-push-action@v1 with: # if no depot.json file is at the root of your repo, you must specify the project id project: - context: . - push: true - tags: | - ... # Pass project token or user access token if you're not using OIDC token authentication token: ${{ secrets.DEPOT_TOKEN }} ``` @@ -148,7 +150,8 @@ jobs: - name: Checkout repo uses: actions/checkout@v3 - - uses: depot/setup-action@v1 + - name: Set up Depot CLI + uses: depot/setup-action@v1 - name: Bake Docker images uses: depot/bake-action@v1 
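Review bot: The added `{name: 'Option 2 — Depot bake action', id: 'option-2--depot-bake-action'}` entry in the `headings` array of the `DocsTOC` hunk has no trailing comma, so the next added element follows it with no separator and the MDX expression will most likely fail to parse. Add the comma: `{name: 'Option 2 — Depot bake action', id: 'option-2--depot-bake-action'},`. This entry and its twin in the front-matter `toc` hunk use an em dash where Options 1 and 3 use a hyphen; if the ids are derived from the heading text, confirm the anchor still resolves. The array's enclosing component starts and ends outside the hunk.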
@@ -169,8 +172,12 @@ jobs:
 build:
 runs-on: ubuntu-20.04
 steps:
- - uses: actions/checkout@v3
- - uses: depot/setup-action@v1
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - name: Set up Depot CLI
+ uses: depot/setup-action@v1
+
 - run: depot build --project --push --tag repo/image:tag .
 env:
 DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
@@ -471,3 +478,41 @@ jobs:
 - name: Run integration test with built container
 run: ...
 ```
+
+### Build an image with Software Bill of Materials
+
+Build an image with a Software Bill of Materials (SBOM) using the `sbom` and `sbom-dir` inputs. The `sbom` input will generate an SBOM for the image, and the `sbom-dir` input will output the SBOM to the specified directory. You can then use the `actions/upload-artifact` action to upload the SBOM directory as a build artifact.
+
+```yaml
+name: Build an image with SBOM
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ docker-image:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - name: Set up Depot CLI
+ uses: depot/setup-action@v1
+
+ - name: Build and load
+ uses: depot/build-push-action@v1
+ with:
+ # if no depot.json file is at the root of your repo, you must specify the project id
+ project:
+ token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+ sbom: true
+ sbom-dir: ./sbom-output
+
+ - name: upload SBOM directory as a build artifact
+ uses: actions/upload-artifact@v3.1.0
+ with:
+ path: ./sbom-output
+ name: 'SBOM'
+```
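Review bot: The new SBOM workflow example declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope. It authenticates with a token secret rather than OIDC, so adding `permissions:` with `contents: read` under `docker-image:` would keep the sample least-privilege and match the Option 1 example. The three `uses:` lines reference mutable tags (`@v3`, `@v1`, `@v3.1.0`); because readers copy these samples into release pipelines, a one-line comment recommending pinning third-party actions to a full commit SHA would be worth adding. The step is named `Build and load`, yet its `with:` block sets only `project`, `token` and the two SBOM inputs, and it reads `secrets.DEPOT_PROJECT_TOKEN` while the earlier examples on the page use `secrets.DEPOT_TOKEN`. Aligning the step name and the secret name avoids a copy-paste failure.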