Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions .github/workflows/dependency-scan.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
name: Dependency Scan
# Call this by uses: launchdarkly/gh-actions/.github/workflows/dependency-scan.yml@main

on:
workflow_call:
inputs:
types:
description: 'SBOM types to generate (e.g., "nodejs" or "nodejs,go"). See https://cyclonedx.github.io/cdxgen/#/PROJECT_TYPES'
required: false
default: 'nodejs'
type: string
runs-on:
description: 'Runner specification'
required: false
default: 'ubuntu-latest'
type: string

jobs:
generate-sbom:
runs-on: ${{ inputs.runs-on }}
steps:
- uses: actions/checkout@v4

- name: Generate SBOM
uses: launchdarkly/gh-actions/actions/dependency-scan/generate-sbom@main
with:
types: ${{ inputs.types }}

evaluate-policy:
runs-on: ${{ inputs.runs-on }}
needs:
- generate-sbom
steps:
- uses: actions/checkout@v4

- name: Evaluate SBOM Policy
uses: launchdarkly/gh-actions/actions/dependency-scan/evaluate-policy@main
with:
artifacts-pattern: bom*
10 changes: 6 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,17 +7,19 @@ This repository contains LaunchDarkly shared GitHub Actions and Workflows for ot
| Name | Description |
|---------------------------------------------------------------|-----------------------------------------------|
| [contract-tests](./actions/contract-tests/README.md) | Run SDK/SSE contract tests. |
| [dependency-scan](./actions/dependency-scan/README.md) | Generate SBOM and evaluate license policy. |
| [persistent-stores](./actions/persistent-stores/README.md) | Start persistent stores on linux/mac/windows. |
| [publish-pages](./actions/publish-pages/README.md) | Publishes documentation to Github Pages. |
| [release-secrets](./actions/release-secrets/README.md) | Retrieve secrets from AWS Secrets Manager. |
| [sign-dlls](./actions/sign-dlls/README.md) | Sign dotnet DLL (assembly) files. |
| [verify-hello-apps](./actions/verify-hello-app/README.md) | Run shared quality-checks for hello-apps. |

## Workflows
| Name | Description |
|--------------------------------------------------------|------------------------------------------------------------------------|
| [sdk-stale](./.github/workflows/sdk-stale.yml) | Warns about stale issues, and then closes when required. |
| [lint-pr-title](./.github/workflows/lint-pr-title.yml) | Ensures PR titles follow [Conventional Commits][conventional-commits]. |
| Name | Description |
|---------------------------------------------------------------------|------------------------------------------------------------------------|
| [dependency-scan](./.github/workflows/dependency-scan.yml) | Generates SBOM and evaluates license policy. |
| [sdk-stale](./.github/workflows/sdk-stale.yml) | Warns about stale issues, and then closes when required. |
| [lint-pr-title](./.github/workflows/lint-pr-title.yml) | Ensures PR titles follow [Conventional Commits][conventional-commits]. |


[conventional-commits]: https://www.conventionalcommits.org/en/v1.0.0/