feat: add CycloneDX SBOM generation and publishing support

feat: add CycloneDX Gradle plugin for standards-based SBOM generation
feat: generate SBOM artifacts in JSON and XML formats
feat: publish SBOM artifacts in CI and expose them through project reports
fix: align CycloneDX task configuration with current plugin task model
fix: remove deprecated String-based projectType assignment for Gradle 10 compatibility
chore: keep SBOM scope focused on production classpaths only
2026-04-15 17:38:27 +02:00
parent b0b33f8548
commit 2288852300
3 changed files with 58 additions and 6 deletions


@@ -42,8 +42,19 @@ jobs:
- name: Set up Gradle caching and instrumentation
uses: gradle/actions/setup-gradle@v4
- name: Execute build, tests, PMD, coverage, Javadoc, and distribution packaging
run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport distZip
- name: Execute build, tests, PMD, coverage, Javadoc, distribution packaging, and SBOM generation
run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport distZip cyclonedxBom
- name: Upload SBOM
if: always()
uses: actions/upload-artifact@v4
with:
name: sbom
path: |
build/reports/sbom/radixor-sbom.json
build/reports/sbom/radixor-sbom.xml
if-no-files-found: error
retention-days: 14
- name: Upload test reports
if: always()
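Review bot: The new upload step at `uses: actions/upload-artifact@v4` references the action by a mutable major tag, so the SBOM-publishing path runs whatever code that tag resolves to at execution time; pinning to a full-length commit SHA with the version in a trailing comment (`uses: actions/upload-artifact@<commit-sha>  # v4`) is the usual control for third-party actions, and the same applies to `softprops/action-gh-release@v2` in the release hunk, which now ships the SBOM as a release asset. The SBOM files are published without any signature or attestation, so a consumer of the release cannot tell whether `radixor-sbom.json` / `radixor-sbom.xml` were produced by this job or modified afterwards; emitting a provenance attestation or signature for the two files in the release job would close that gap. Separately, `if: always()` together with `if-no-files-found: error` means a build failure before `cyclonedxBom` runs surfaces as a second, misleading upload failure instead of simply a missing artifact; dropping the `if:` (default `success()`) or using `if-no-files-found: warn` keeps the failure signal clean. Both hunks appear to be elided by the renderer (the line counts in the `@@` headers do not match the lines shown), so surrounding context may be missing.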
@@ -129,11 +140,14 @@ jobs:
- name: Set up Gradle caching and instrumentation
uses: gradle/actions/setup-gradle@v4
- name: Build release distribution
run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport distZip
- name: Build release distribution and SBOM
run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport distZip cyclonedxBom
- name: Publish GitHub release assets
uses: softprops/action-gh-release@v2
with:
generate_release_notes: true
files: build/distributions/*.zip
files: |
build/distributions/*.zip
build/reports/sbom/radixor-sbom.json
build/reports/sbom/radixor-sbom.xml