From ebb15090f06e0ead22d02ff1ccdc674f5f68cfbc Mon Sep 17 00:00:00 2001 From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> Date: Mon, 25 May 2026 21:19:39 +0300 Subject: [PATCH 1/6] cyclonedx cli validate sbom --- .github/workflows/build_all.yml | 30 ++++++++++++++++++++++- .github/workflows/packages_publishing.yml | 28 ++++++++++++++++++++- 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml index 32a5bf059e82..95df6143537b 100644 --- a/.github/workflows/build_all.yml +++ b/.github/workflows/build_all.yml @@ -17,6 +17,7 @@ on: env: NX_CLOUD_ACCESS_TOKEN: ${{ github.ref_name == github.event.repository.default_branch && secrets.NX_CLOUD_ACCESS_TOKEN || '' }} NX_SKIP_NX_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-cache') && 'true' || 'false' }} + CYCLONEDX_CLI_VERSION: 0.32.0 jobs: build: 
@@ -70,7 +71,34 @@ jobs: pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN"; pnpm nx build sbom; - - name: Upload SBOM artifacts + - name: Install CycloneDX CLI + if: ${{ github.event_name == 'push' || github.event.inputs.SBOM == 'true' }} + shell: bash + run: | + tool_dir="$RUNNER_TEMP/cyclonedx-cli" + mkdir -p "$tool_dir" + curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-linux-x64" -o "$tool_dir/cyclonedx" + chmod +x "$tool_dir/cyclonedx" + echo "$tool_dir" >> "$GITHUB_PATH" + + - name: Validate SBOMs + if: ${{ github.event_name == 'push' || github.event.inputs.SBOM == 'true' }} + shell: bash + run: | + shopt -s nullglob + sbom_files=(packages/sbom/dist/*.sbom.json) + + if [ ${#sbom_files[@]} -eq 0 ]; then + echo "No SBOM files found in packages/sbom/dist" + exit 1 + fi + + for file in "${sbom_files[@]}"; do + echo "Validating $file" + cyclonedx validate --input-file "$file" --input-format json --fail-on-errors + done + + - name: Upload SBOMs if: ${{ github.event_name == 'push' || github.event.inputs.SBOM == 'true' }} uses: actions/upload-artifact@v7 with: diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index 06b2ba623c51..3d58095fc690 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml @@ -20,6 +20,7 @@ env: NX_SKIP_NX_CACHE: true FILTER: ${{ github.event_name == 'workflow_dispatch' && inputs.filter || '' }} SET_TIMESTAMP_VERSION: ${{ inputs.tag == 'daily' }} + CYCLONEDX_CLI_VERSION: 0.32.0 jobs: build: 
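Review bot: In the `Install CycloneDX CLI` step the download URL is built with `${{ env.CYCLONEDX_CLI_VERSION }}`, which is pasted into the script text before bash runs. The variable is declared in the workflow-level `env:` and is therefore already exported to the step, so `.../download/v${CYCLONEDX_CLI_VERSION}/cyclonedx-linux-x64` gives the same URL without template expansion inside `run:`. The value is a constant here, so this is a style and hardening point rather than an injection bug. The same pattern appears in the matching step of packages_publishing.yml and in the `sha256sum -c` lines added by patch 2/6.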
@@ -81,10 +82,35 @@ jobs: pnpm set "//npm.pkg.github.com/:_authToken" "$env:NODE_AUTH_TOKEN" pnpm nx build sbom; + - name: Install CycloneDX CLI + shell: bash + run: | + tool_dir="$RUNNER_TEMP/cyclonedx-cli" + mkdir -p "$tool_dir" + curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-win-x64.exe" -o "$tool_dir/cyclonedx.exe" + chmod +x "$tool_dir/cyclonedx.exe" || true + echo "$tool_dir" >> "$GITHUB_PATH" + + - name: Validate SBOMs + shell: bash + run: | + shopt -s nullglob + sbom_files=(packages/sbom/dist/*.sbom.json) + + if [ ${#sbom_files[@]} -eq 0 ]; then + echo "No SBOM files found in packages/sbom/dist" + exit 1 + fi + + for file in "${sbom_files[@]}"; do + echo "Validating $file" + cyclonedx validate --input-file "$file" --input-format json --fail-on-errors + done + - name: Build artifacts package run: pnpm run make-artifacts-package - - name: Upload SBOM artifact + - name: Upload SBOMs uses: actions/upload-artifact@v7 with: name: sbom From 5411141c1d5146e9e28dd1865275686d52226d81 Mon Sep 17 00:00:00 2001 From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> Date: Wed, 3 Jun 2026 19:04:15 +0300 Subject: [PATCH 2/6] sha256sum / checksum --- .github/workflows/build_all.yml | 2 ++ .github/workflows/packages_publishing.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml index 95df6143537b..be285e8473b4 100644 --- a/.github/workflows/build_all.yml +++ b/.github/workflows/build_all.yml @@ -18,6 +18,7 @@ env: NX_CLOUD_ACCESS_TOKEN: ${{ github.ref_name == github.event.repository.default_branch && secrets.NX_CLOUD_ACCESS_TOKEN || '' }} NX_SKIP_NX_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-cache') && 'true' || 'false' }} CYCLONEDX_CLI_VERSION: 0.32.0 + CYCLONEDX_CLI_LINUX_X64_SHA256: 454879e6a4a405c8a13bff49b8982adcb0596f3019b26b0811c66e4d7f0783e1 jobs: build: 
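Review bot: The pinned digest `CYCLONEDX_CLI_LINUX_X64_SHA256` in the build_all.yml `env:` hunk has no comment tying it to `CYCLONEDX_CLI_VERSION`, so nothing on the page says which asset it covers or how to refresh it. A line above the pair such as `# SHA-256 of the cyclonedx-linux-x64 release asset for CYCLONEDX_CLI_VERSION; update both together` would record that. The same applies to `CYCLONEDX_CLI_WIN_X64_SHA256` in packages_publishing.yml.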
@@ -78,6 +79,7 @@ jobs: tool_dir="$RUNNER_TEMP/cyclonedx-cli" mkdir -p "$tool_dir" curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-linux-x64" -o "$tool_dir/cyclonedx" + echo "${{ env.CYCLONEDX_CLI_LINUX_X64_SHA256 }} $tool_dir/cyclonedx" | sha256sum -c - chmod +x "$tool_dir/cyclonedx" echo "$tool_dir" >> "$GITHUB_PATH" diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index 3d58095fc690..a5c84421659a 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml @@ -21,6 +21,7 @@ env: FILTER: ${{ github.event_name == 'workflow_dispatch' && inputs.filter || '' }} SET_TIMESTAMP_VERSION: ${{ inputs.tag == 'daily' }} CYCLONEDX_CLI_VERSION: 0.32.0 + CYCLONEDX_CLI_WIN_X64_SHA256: b1c00dbb40e628ec8c1252771871341ac4d4aaf032f832d83bd22cb2b1d258ae jobs: build: @@ -88,6 +89,7 @@ jobs: tool_dir="$RUNNER_TEMP/cyclonedx-cli" mkdir -p "$tool_dir" curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-win-x64.exe" -o "$tool_dir/cyclonedx.exe" + echo "${{ env.CYCLONEDX_CLI_WIN_X64_SHA256 }} $tool_dir/cyclonedx.exe" | sha256sum -c - chmod +x "$tool_dir/cyclonedx.exe" || true echo "$tool_dir" >> "$GITHUB_PATH" From 73369e3846c558eaff11f4c0c68c14fa3040f1d3 Mon Sep 17 00:00:00 2001 From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> Date: Fri, 5 Jun 2026 14:43:26 +0300 Subject: [PATCH 3/6] CYCLONEDX_CLI: WIN -> LINUX (after #33854) --- .github/workflows/packages_publishing.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index 70f72396b140..ba609e05bb67 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml 
@@ -21,7 +21,7 @@ env: FILTER: ${{ github.event_name == 'workflow_dispatch' && inputs.filter || '' }} SET_TIMESTAMP_VERSION: ${{ inputs.tag == 'daily' }} CYCLONEDX_CLI_VERSION: 0.32.0 - CYCLONEDX_CLI_WIN_X64_SHA256: b1c00dbb40e628ec8c1252771871341ac4d4aaf032f832d83bd22cb2b1d258ae + CYCLONEDX_CLI_LINUX_X64_SHA256: 454879e6a4a405c8a13bff49b8982adcb0596f3019b26b0811c66e4d7f0783e1 jobs: build: @@ -66,8 +66,8 @@ jobs: run: | tool_dir="$RUNNER_TEMP/cyclonedx-cli" mkdir -p "$tool_dir" - curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-win-x64.exe" -o "$tool_dir/cyclonedx.exe" - echo "${{ env.CYCLONEDX_CLI_WIN_X64_SHA256 }} $tool_dir/cyclonedx.exe" | sha256sum -c - + curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-linux-x64" -o "$tool_dir/cyclonedx" + echo "${{ env.CYCLONEDX_CLI_LINUX_X64_SHA256 }} $tool_dir/cyclonedx" | sha256sum -c - chmod +x "$tool_dir/cyclonedx.exe" || true echo "$tool_dir" >> "$GITHUB_PATH" From 76ef292018766b672641cad270b7afb3bb140164 Mon Sep 17 00:00:00 2001 From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> Date: Fri, 5 Jun 2026 15:07:03 +0300 Subject: [PATCH 4/6] CYCLONEDX_CLI: WIN -> LINUX, v2, exe || true (after #33854) Signed-off-by: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> --- .github/workflows/packages_publishing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index ba609e05bb67..21d0185d4ee2 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml 
@@ -68,7 +68,7 @@ jobs: mkdir -p "$tool_dir" curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-linux-x64" -o "$tool_dir/cyclonedx" echo "${{ env.CYCLONEDX_CLI_LINUX_X64_SHA256 }} $tool_dir/cyclonedx" | sha256sum -c - - chmod +x "$tool_dir/cyclonedx.exe" || true + chmod +x "$tool_dir/cyclonedx" echo "$tool_dir" >> "$GITHUB_PATH" - name: Validate SBOMs From aaffe18392a1c69fc54137cd6d13b02a3ac56124 Mon Sep 17 00:00:00 2001 From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> Date: Fri, 5 Jun 2026 18:46:03 +0300 Subject: [PATCH 5/6] SBOM package(s) flow (like for NPM package(s)) --- .github/workflows/packages_publishing.yml | 66 +++++++++++++++++++++-- 1 file changed, 61 insertions(+), 5 deletions(-) diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index 21d0185d4ee2..64d4aa02dd32 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml @@ -93,14 +93,14 @@ jobs: - name: Upload SBOMs uses: actions/upload-artifact@v7 with: - name: sbom + name: sbom-packages path: packages/sbom/dist retention-days: 7 - name: Upload packages uses: actions/upload-artifact@v7 with: - name: packages + name: npm-packages path: artifacts/npm/*.tgz retention-days: 2 @@ -122,10 +122,17 @@ jobs: - name: Get sources uses: actions/checkout@v6 - - name: Download artifacts + - name: Download packages uses: actions/download-artifact@v8 with: - name: packages + name: npm-packages + path: npm-packages + + - name: Download SBOMs + uses: actions/download-artifact@v8 + with: + name: sbom-packages + path: sbom-packages - name: Use Node.js uses: actions/setup-node@v6 
@@ -145,13 +152,49 @@ jobs: PACKAGE: ${{ matrix.package }} run: | SCOPE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]'); - PACKAGE_DIR=$(pnpm --silent run change-package-scope --tgz $PACKAGE.tgz --scope $SCOPE) + PACKAGE_DIR=$(pnpm --silent run change-package-scope --tgz npm-packages/$PACKAGE.tgz --scope $SCOPE) echo "packageDir=$PACKAGE_DIR" >> "$GITHUB_OUTPUT"; cd $PACKAGE_DIR; pnpm pkg get name | tr -d '"' | sed -r 's/(.*)/name=\1/' >> "$GITHUB_OUTPUT"; pnpm pkg get version | tr -d '"' | sed -r 's/(.*)/version=\1/' >> "$GITHUB_OUTPUT"; pnpm pkg get version | tr -d '"' | sed -r 's/([0-9]+\.[0-9]+).*/majorVersion=\1/' >> "$GITHUB_OUTPUT"; + - name: Build SBOM package + id: scopedSbomPackage + env: + PACKAGE_NAME: ${{ steps.scopedPackage.outputs.name }} + PACKAGE_VERSION: ${{ steps.scopedPackage.outputs.version }} + run: | + UNSCOPED_PACKAGE_NAME=$(echo "$PACKAGE_NAME" | sed -r 's#^@[^/]+/##'); + SBOM_FILE="sbom-packages/$UNSCOPED_PACKAGE_NAME.sbom.json"; + + # if [ ! 
-f "$SBOM_FILE" ]; then + # echo "No SBOM found for $UNSCOPED_PACKAGE_NAME" + # echo "hasSbom=false" >> "$GITHUB_OUTPUT"; + # exit 0; + # fi + + SCOPE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]'); + SBOM_PACKAGE_NAME="$UNSCOPED_PACKAGE_NAME-sbom"; + SBOM_PACKAGE_DIR="sbom-package/$SBOM_PACKAGE_NAME"; + SBOM_TGZ_DIR="sbom-package-tgz"; + PACKAGE_LICENSE=$(node -p "require('./package.json').license"); + PACKAGE_AUTHOR=$(node -p "require('./package.json').author"); + + mkdir -p "$SBOM_PACKAGE_DIR" "$SBOM_TGZ_DIR"; + cp "$SBOM_FILE" "$SBOM_PACKAGE_DIR/"; + cd "$SBOM_PACKAGE_DIR"; + node -e "const fs = require('fs'); const [name, version, license, author] = process.argv.slice(1); fs.writeFileSync('package.json', JSON.stringify({ name, version, license, author }, null, 2));" "$SBOM_PACKAGE_NAME" "$PACKAGE_VERSION" "$PACKAGE_LICENSE" "$PACKAGE_AUTHOR"; + npm pack --pack-destination "../../$SBOM_TGZ_DIR"; + cd ../..; + + SCOPED_SBOM_PACKAGE_DIR=$(pnpm --silent run change-package-scope --tgz "$SBOM_TGZ_DIR/$SBOM_PACKAGE_NAME-$PACKAGE_VERSION.tgz" --scope "$SCOPE"); + echo "packageDir=$SCOPED_SBOM_PACKAGE_DIR" >> "$GITHUB_OUTPUT"; + cd "$SCOPED_SBOM_PACKAGE_DIR"; + pnpm pkg get name | tr -d '"' | sed -r 's/(.*)/name=\1/' >> "$GITHUB_OUTPUT"; + pnpm pkg get version | tr -d '"' | sed -r 's/(.*)/version=\1/' >> "$GITHUB_OUTPUT"; + pnpm pkg get version | tr -d '"' | sed -r 's/([0-9]+\.[0-9]+).*/majorVersion=\1/' >> "$GITHUB_OUTPUT"; + # --ignore-scripts is required for publishing devextreme-angular which fails with error: # 'Trying to publish a package that has been compiled by Ivy in full compilation mode.' # Should be removed. 
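Review bot: In `Build SBOM package`, `node -p "require('./package.json').author"` prints `[object Object]` when `author` is an object and `undefined` when the field is absent, and that text is then written into the generated manifest as a plain string. The root package.json is not visible here, so this is worth checking. Reading `license` and `author` from the root manifest inside the `node -e` script that writes the new `package.json` would carry the original values through unchanged. The commented-out `-f "$SBOM_FILE"` guard also means a missing SBOM only surfaces as a `cp` error, so either restore it with `exit 1` or delete the comment block.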
@@ -167,6 +210,19 @@ jobs: pnpm publish --no-git-checks --quiet --ignore-scripts --tag $PACKAGE_VERSION_MAJOR-${{ inputs.tag }} --registry https://npm.pkg.github.com; pnpm dist-tag add $PACKAGE_NAME@$PACKAGE_VERSION latest --registry=https://npm.pkg.github.com; + # --ignore-scripts - like above, should be removed, check if could be removed everywhere + - name: Publish SBOM to npm.pkg.github.com + working-directory: ${{ steps.scopedSbomPackage.outputs.packageDir }} + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PACKAGE_NAME: ${{ steps.scopedSbomPackage.outputs.name }} + PACKAGE_VERSION: ${{ steps.scopedSbomPackage.outputs.version }} + PACKAGE_VERSION_MAJOR: ${{ steps.scopedSbomPackage.outputs.majorVersion }} + run: | + pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN"; + pnpm publish --no-git-checks --quiet --ignore-scripts --tag $PACKAGE_VERSION_MAJOR-${{ inputs.tag }} --registry https://npm.pkg.github.com; + pnpm dist-tag add $PACKAGE_NAME@$PACKAGE_VERSION latest --registry=https://npm.pkg.github.com; + notify: runs-on: devextreme-shr2 name: Send notifications From 0da90d64ff6db956a8857ebbc41fc1976453f6fe Mon Sep 17 00:00:00 2001 From: Mikhail Preyskurantov <5574159+mpreyskurantov@users.noreply.github.com> Date: Fri, 5 Jun 2026 19:01:09 +0300 Subject: [PATCH 6/6] SBOM package(s) optimized flow only (no NPM package(s)) --- .github/workflows/packages_publishing.yml | 98 ++++------------------- 1 file changed, 14 insertions(+), 84 deletions(-) diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index 64d4aa02dd32..4db59ba9faf1 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml 
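Review bot: The new `Publish SBOM to npm.pkg.github.com` step expands `${{ inputs.tag }}` directly inside the `run:` script, so the workflow input becomes shell text rather than data, and `$PACKAGE_NAME@$PACKAGE_VERSION` is unquoted. Passing the input through the step's `env:` keeps it as an argument: add `TAG: ${{ inputs.tag }}` and use `--tag "$PACKAGE_VERSION_MAJOR-$TAG"`, with `"$PACKAGE_NAME@$PACKAGE_VERSION"` quoted on the `dist-tag add` line. The step copies the existing npm publish step, which has the same pattern.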
@@ -20,8 +20,6 @@ env: NX_SKIP_NX_CACHE: true FILTER: ${{ github.event_name == 'workflow_dispatch' && inputs.filter || '' }} SET_TIMESTAMP_VERSION: ${{ inputs.tag == 'daily' }} - CYCLONEDX_CLI_VERSION: 0.32.0 - CYCLONEDX_CLI_LINUX_X64_SHA256: 454879e6a4a405c8a13bff49b8982adcb0596f3019b26b0811c66e4d7f0783e1 jobs: build: @@ -29,6 +27,7 @@ jobs: runs-on: ubuntu-latest outputs: packages: ${{ steps.filter.outputs.packages }} + version: ${{ steps.packageVersion.outputs.version }} steps: - name: Get sources uses: actions/checkout@v6 
@@ -49,47 +48,20 @@ jobs: if: ${{ env.SET_TIMESTAMP_VERSION == 'true' }} run: pnpm run all:set-timestamp-version - - name: Build npm packages - env: - BUILD_INTERNAL_PACKAGE: true - run: pnpm run all:build + - name: Get package version + id: packageVersion + run: | + PACKAGE_VERSION=$(node -p "require('./package.json').version") + echo "version=$PACKAGE_VERSION" >> "$GITHUB_OUTPUT" - name: Build SBOMs + continue-on-error: true env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN"; pnpm nx build sbom; - - name: Install CycloneDX CLI - shell: bash - run: | - tool_dir="$RUNNER_TEMP/cyclonedx-cli" - mkdir -p "$tool_dir" - curl -fsSL "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v${{ env.CYCLONEDX_CLI_VERSION }}/cyclonedx-linux-x64" -o "$tool_dir/cyclonedx" - echo "${{ env.CYCLONEDX_CLI_LINUX_X64_SHA256 }} $tool_dir/cyclonedx" | sha256sum -c - - chmod +x "$tool_dir/cyclonedx" - echo "$tool_dir" >> "$GITHUB_PATH" - - - name: Validate SBOMs - shell: bash - run: | - shopt -s nullglob - sbom_files=(packages/sbom/dist/*.sbom.json) - - if [ ${#sbom_files[@]} -eq 0 ]; then - echo "No SBOM files found in packages/sbom/dist" - exit 1 - fi - - for file in "${sbom_files[@]}"; do - echo "Validating $file" - cyclonedx validate --input-file "$file" --input-format json --fail-on-errors - done - - - name: Build artifacts package - run: pnpm run make-artifacts-package - - name: Upload SBOMs uses: actions/upload-artifact@v7 with: 
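Review bot: After this hunk the publishing workflow no longer runs `cyclonedx validate`, and `Build SBOMs` gains `continue-on-error: true`. Whatever files a partly failed build leaves in `packages/sbom/dist` are therefore uploaded and, through the `Filter packages` matrix, published without a schema check. Keeping the `Install CycloneDX CLI` and `Validate SBOMs` steps before `Upload SBOMs` (together with the pinned `CYCLONEDX_CLI_LINUX_X64_SHA256` that the first hunk of this patch removes), or dropping `continue-on-error`, would make the job fail closed. If tolerating a failed SBOM build is intended, a comment on the step saying why would help the next reader.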
@@ -97,18 +69,11 @@ jobs: path: packages/sbom/dist retention-days: 7 - - name: Upload packages - uses: actions/upload-artifact@v7 - with: - name: npm-packages - path: artifacts/npm/*.tgz - retention-days: 2 - - name: Filter packages id: filter - working-directory: artifacts/npm + working-directory: packages/sbom/dist shell: bash - run: ls *.tgz | grep -E -i "$FILTER" | sed -r 's/^(.*).tgz$/"\1"/g' | paste -sd "," - | sed -r 's/(.*)/packages=[\1]/' >> "$GITHUB_OUTPUT" + run: ls *.sbom.json | grep -E -i "$FILTER" | sed -r 's/^(.*).sbom.json$/"\1"/g' | paste -sd "," - | sed -r 's/(.*)/packages=[\1]/' >> "$GITHUB_OUTPUT" publish: name: Publish package @@ -122,12 +87,6 @@ jobs: - name: Get sources uses: actions/checkout@v6 - - name: Download packages - uses: actions/download-artifact@v8 - with: - name: npm-packages - path: npm-packages - - name: Download SBOMs uses: actions/download-artifact@v8 with: 
@@ -146,36 +105,22 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile - - name: Change package scope - id: scopedPackage - env: - PACKAGE: ${{ matrix.package }} - run: | - SCOPE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]'); - PACKAGE_DIR=$(pnpm --silent run change-package-scope --tgz npm-packages/$PACKAGE.tgz --scope $SCOPE) - echo "packageDir=$PACKAGE_DIR" >> "$GITHUB_OUTPUT"; - cd $PACKAGE_DIR; - pnpm pkg get name | tr -d '"' | sed -r 's/(.*)/name=\1/' >> "$GITHUB_OUTPUT"; - pnpm pkg get version | tr -d '"' | sed -r 's/(.*)/version=\1/' >> "$GITHUB_OUTPUT"; - pnpm pkg get version | tr -d '"' | sed -r 's/([0-9]+\.[0-9]+).*/majorVersion=\1/' >> "$GITHUB_OUTPUT"; - - name: Build SBOM package id: scopedSbomPackage env: - PACKAGE_NAME: ${{ steps.scopedPackage.outputs.name }} - PACKAGE_VERSION: ${{ steps.scopedPackage.outputs.version }} + PACKAGE: ${{ matrix.package }} + PACKAGE_VERSION: ${{ needs.build.outputs.version }} run: | - UNSCOPED_PACKAGE_NAME=$(echo "$PACKAGE_NAME" | sed -r 's#^@[^/]+/##'); - SBOM_FILE="sbom-packages/$UNSCOPED_PACKAGE_NAME.sbom.json"; + SBOM_FILE="sbom-packages/$PACKAGE.sbom.json"; # if [ ! -f "$SBOM_FILE" ]; then - # echo "No SBOM found for $UNSCOPED_PACKAGE_NAME" + # echo "No SBOM found for $PACKAGE" # echo "hasSbom=false" >> "$GITHUB_OUTPUT"; # exit 0; # fi SCOPE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]'); - SBOM_PACKAGE_NAME="$UNSCOPED_PACKAGE_NAME-sbom"; + SBOM_PACKAGE_NAME="$PACKAGE-sbom"; SBOM_PACKAGE_DIR="sbom-package/$SBOM_PACKAGE_NAME"; SBOM_TGZ_DIR="sbom-package-tgz"; PACKAGE_LICENSE=$(node -p "require('./package.json').license"); 
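Review bot: `PACKAGE_VERSION` now comes from `needs.build.outputs.version`, which is the root `package.json`, instead of the per-package value that was read from each tarball. Every SBOM package is therefore published under the same version regardless of the package it describes. If packages in this repository are versioned independently, or `all:set-timestamp-version` does not rewrite the root manifest (neither is visible here), the SBOM package version will not match its subject. Reading the version from the SBOM itself, for example `metadata.component.version` in the CycloneDX JSON if it is populated, would tie the two together. The commented-out `-f "$SBOM_FILE"` guard is carried over in this hunk as well and should be restored or removed.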
@@ -195,21 +140,6 @@ jobs: pnpm pkg get version | tr -d '"' | sed -r 's/(.*)/version=\1/' >> "$GITHUB_OUTPUT"; pnpm pkg get version | tr -d '"' | sed -r 's/([0-9]+\.[0-9]+).*/majorVersion=\1/' >> "$GITHUB_OUTPUT"; - # --ignore-scripts is required for publishing devextreme-angular which fails with error: - # 'Trying to publish a package that has been compiled by Ivy in full compilation mode.' - # Should be removed. - - name: Publish to npm.pkg.github.com - working-directory: ${{ steps.scopedPackage.outputs.packageDir }} - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PACKAGE_NAME: ${{ steps.scopedPackage.outputs.name }} - PACKAGE_VERSION: ${{ steps.scopedPackage.outputs.version }} - PACKAGE_VERSION_MAJOR: ${{ steps.scopedPackage.outputs.majorVersion }} - run: | - pnpm set //npm.pkg.github.com/:_authToken="$NODE_AUTH_TOKEN"; - pnpm publish --no-git-checks --quiet --ignore-scripts --tag $PACKAGE_VERSION_MAJOR-${{ inputs.tag }} --registry https://npm.pkg.github.com; - pnpm dist-tag add $PACKAGE_NAME@$PACKAGE_VERSION latest --registry=https://npm.pkg.github.com; - # --ignore-scripts - like above, should be removed, check if could be removed everywhere - name: Publish SBOM to npm.pkg.github.com working-directory: ${{ steps.scopedSbomPackage.outputs.packageDir }}