diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 42e8dcd..5b2ab18 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,6 @@ jobs: uses: actions/setup-dotnet@v4 with: dotnet-version: | - 3.1.x 5.0.x 6.0.x 7.0.x @@ -165,7 +164,7 @@ jobs: --settings coverlet.runsettings ` --results-directory "./TestResults" ` --logger "console;verbosity=minimal" - + if ($LASTEXITCODE -ne 0) { Write-Error "❌ Tests failed (no explicit TargetFramework) in $($testProj.Name)" exit $LASTEXITCODE @@ -303,7 +302,6 @@ jobs: uses: actions/setup-dotnet@v4 with: dotnet-version: | - 3.1.x 5.0.x 6.0.x 7.0.x @@ -473,6 +471,34 @@ jobs: Pop-Location } + - name: Generate SBOM (CycloneDX) + if: steps.check-packages.outputs.has-packages == 'true' + shell: pwsh + run: | + dotnet tool install --global CycloneDX + + $sbomDir = Join-Path $PWD 'nuget-packages' + $srcProjects = Get-ChildItem -Path 'src' -Filter '*.csproj' -Recurse -ErrorAction SilentlyContinue + + if ($srcProjects.Count -eq 0) { + Write-Warning "No projects found in src/ - skipping SBOM generation" + return + } + + foreach ($proj in $srcProjects) { + $sbomName = "$($proj.BaseName).bom.json" + $sbomPath = Join-Path $sbomDir $sbomName + + Write-Host "📋 Generating SBOM for $($proj.Name)" -ForegroundColor Cyan + dotnet CycloneDX $proj.FullName --output $sbomDir --filename $sbomName --json + + if ($LASTEXITCODE -ne 0) { + Write-Warning "⚠️ SBOM generation failed for $($proj.Name) - continuing" + } else { + Write-Host "✅ SBOM generated: $sbomName" -ForegroundColor Green + } + } + - name: Upload NuGet packages uses: actions/upload-artifact@v4 with: @@ -592,5 +618,6 @@ jobs: tag_name: ${{ github.event.release.tag_name }} files: | ./nuget-packages/*.nupkg + ./nuget-packages/*.bom.json release-coverage.zip
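Review bot: `dotnet tool install --global CycloneDX` in the new SBOM step has no version, so every release run executes whatever CycloneDX build the package feed serves at that moment, inside the job that produces the published packages. Pin it, e.g. `dotnet tool install --global CycloneDX --version <PINNED_VERSION>` (placeholder; use the version you have vetted), or restore it from a checked-in tool manifest so a version bump goes through review like any other dependency. A pin also keeps the `--output`/`--filename`/`--json` arguments stable, since tool options can change between major versions. Separately, `$sbomPath` is assigned in the loop but never read.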
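Review bot: The new `./nuget-packages/*.bom.json` entry under `files:` can match nothing, because the SBOM step only emits `Write-Warning` when `dotnet CycloneDX` fails or when no projects are found under `src/`. A release can therefore be published without any SBOM, with only a warning in the log to show it. If the SBOM is meant to be a required release asset, make the generation step fail the way the test step does (`Write-Error "..."` followed by `exit $LASTEXITCODE`), or check before the upload that at least one `*.bom.json` exists. The release step's `with:` block starts outside this hunk, so how it treats an unmatched pattern is not visible here.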