feat: make yaml file more consistent, including cache and setting an unique artifact name

jesmrec · jesmrec · commit 3583e87fcfab · 2025-06-13T14:21:27.000+02:00
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -1,11 +1,11 @@
 name: SBOM 
 
-on:
+permissions:
+  contents: read
 
+on:
   workflow_dispatch:
   pull_request:
-    branches:
-      - "*"
 
 jobs:
   sbom:
@@ -15,24 +15,50 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      # Caches Gradle dependencies to avoid downloading them on every run
+      - name: Cache Gradle dependencies
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+            ~/.gradle/wrapper/dists/
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:
           java-version: '17'
           distribution: 'temurin'
 
       - name: Install xsltproc
-        run: sudo apt-get update && sudo apt-get install -y xsltproc
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y xsltproc
 
+      # Use --no-daemon to prevent Gradle from running in the background
       - name: Generate SBOM (CycloneDX)
-        run: ./gradlew cyclonedxBom
+        run: ./gradlew --no-daemon cyclonedxBom  
 
       - name: Convert SBOM to HTML
         run: xsltproc sbom/cyclonedx-xml-to-html.xslt build/reports/bom.xml > sbom.html
 
-      - name: Upload SBOM as artifact
-        if: success()
+      # Create a specific artifact name using the branch name and timestamp
+      - name: Set artifact name
+        id: vars
+        run: |
+          BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
+          SAFE_BRANCH=$(echo "$BRANCH" | tr '/' '-' | tr '[:upper:]' '[:lower:]')
+          TIMESTAMP=$(date -u +"%Y%m%d-%H%M%S")
+          echo "artifact_name=sbom-${SAFE_BRANCH}-${TIMESTAMP}" >> $GITHUB_OUTPUT
+
+      - name: Rename SBOM HTML file to match artifact name
+        run: mv sbom.html "${{ steps.vars.outputs.artifact_name }}.html"
+
+      - name: Upload SBOM artifact
         uses: actions/upload-artifact@v4
         with:
-          name: sbom
-          path: sbom.html
+          name: ${{ steps.vars.outputs.artifact_name }}
+          path: ${{ steps.vars.outputs.artifact_name }}.html
