From 6a08c8f809b3798d13d8acdc669ab062676a68e6 Mon Sep 17 00:00:00 2001
From: Anjali Trace
Date: Fri, 23 Jan 2026 15:41:09 +0000
Subject: [PATCH 1/3] NRL-1417 add SBOM generation step pre-emptively - will not work util new version published of shared trivy actions

---
 .github/workflows/daily-build.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/daily-build.yml b/.github/workflows/daily-build.yml
index f7c84d787..47d1487c3 100644
--- a/.github/workflows/daily-build.yml
+++ b/.github/workflows/daily-build.yml
@@ -38,6 +38,11 @@ jobs:
       - name: Run Unit Tests
         run: make test
 
+      - name: Generate SBOM
+        uses: nhs-england-tools/trivy-action/sbom-scan@v1.4.0
+        with:
+          repo-path: "./"
+
       - name: Build Project
         run: make build
 

From 5a6f355cbb793204e0f34ae4ab4f6adda7aee5a7 Mon Sep 17 00:00:00 2001
From: Anjali Trace
Date: Fri, 23 Jan 2026 16:00:58 +0000
Subject: [PATCH 2/3] NRL-1417 temporarily add SBOM step to PR workflow to test

---
 .github/workflows/pr-env-deploy.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/pr-env-deploy.yml b/.github/workflows/pr-env-deploy.yml
index 7a0f13128..e5deb46b0 100644
--- a/.github/workflows/pr-env-deploy.yml
+++ b/.github/workflows/pr-env-deploy.yml
@@ -2,6 +2,7 @@ name: Deploy PR Environment
 run-name: "${{ github.event.action == 'synchronize' && 'Update' || 'Create' }} PR Environment - #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})"
 
 on:
+  workflow_dispatch:
   pull_request:
     types: [opened, reopened, synchronize]
 
@@ -68,6 +69,11 @@ jobs:
       - name: Build Project
         run: make build
 
+      - name: Generate SBOM
+        uses: nhs-england-tools/trivy-action/sbom-scan@v1.4.0
+        with:
+          repo-path: "./"
+
       - name: Configure Management Credentials
         uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1
         with:

From d30594e574fe4ad71db5f2d1d451824ec4d5e0a4 Mon Sep 17 00:00:00 2001
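Review bot: Adding `workflow_dispatch:` to a workflow whose `run-name` reads `github.event.action` and `github.event.pull_request.*` means a manual run sees all of those as empty, so the run is titled `Create PR Environment - # ()` and any later step that derives an environment name from the PR number (not visible in this hunk) would get a blank value. If manual runs are genuinely wanted, the trigger needs inputs that those expressions can fall back to, e.g. `workflow_dispatch:` / `  inputs:` / `    pr_number: { required: true }`, with the expressions switched to `github.event.inputs.pr_number || github.event.pull_request.number`. Patch 3/3 removes this line again, so this only matters if the dispatch trigger is reinstated.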
From: Anjali Trace
Date: Fri, 23 Jan 2026 16:17:05 +0000
Subject: [PATCH 3/3] NRL-1417 SBOM step needs docker in action image

---
 .github/workflows/daily-build.yml | 20 +++++++++++++++-----
 .github/workflows/pr-env-deploy.yml | 6 ------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/daily-build.yml b/.github/workflows/daily-build.yml
index 47d1487c3..c0b61d867 100644
--- a/.github/workflows/daily-build.yml
+++ b/.github/workflows/daily-build.yml
@@ -38,11 +38,6 @@ jobs:
       - name: Run Unit Tests
         run: make test
 
-      - name: Generate SBOM
-        uses: nhs-england-tools/trivy-action/sbom-scan@v1.4.0
-        with:
-          repo-path: "./"
-
       - name: Build Project
         run: make build
 
@@ -72,3 +67,18 @@ jobs:
         with:
           key: ${{ github.run_id }}-nrlf-permissions
           path: dist/nrlf_permissions.zip
+
+  sbom:
+    name: Generate SBOM - ${{ github.ref }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Git clone - ${{ github.ref }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+
+      - name: Generate SBOM
+        uses: nhs-england-tools/trivy-action/sbom-scan@v1.4.0
+        with:
+          repo-path: "./"
diff --git a/.github/workflows/pr-env-deploy.yml b/.github/workflows/pr-env-deploy.yml
index e5deb46b0..7a0f13128 100644
--- a/.github/workflows/pr-env-deploy.yml
+++ b/.github/workflows/pr-env-deploy.yml
@@ -2,7 +2,6 @@ name: Deploy PR Environment
 run-name: "${{ github.event.action == 'synchronize' && 'Update' || 'Create' }} PR Environment - #${{ github.event.pull_request.number }} (${{ github.event.pull_request.title }})"
 
 on:
-  workflow_dispatch:
   pull_request:
     types: [opened, reopened, synchronize]
 
@@ -69,11 +68,6 @@ jobs:
       - name: Build Project
         run: make build
 
-      - name: Generate SBOM
-        uses: nhs-england-tools/trivy-action/sbom-scan@v1.4.0
-        with:
-          repo-path: "./"
-
       - name: Configure Management Credentials
         uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1
         with:
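Review bot: The new `sbom` job pins `nhs-england-tools/trivy-action/sbom-scan` and `actions/checkout` to mutable tags (`@v1.4.0`, `@v4`) while this same repository pins `aws-actions/configure-aws-credentials` to a full commit SHA with a `#v4.3.1` comment; a tag can be moved after the fact, so a step whose whole purpose is supply-chain evidence should be pinned the same way, e.g. `uses: nhs-england-tools/trivy-action/sbom-scan@<sha of the v1.4.0 commit> #v1.4.0`. The 1/3 subject says the shared action version is not published yet, which makes a tag pin riskier still: whoever pushes that tag decides what runs in this job on the daily schedule. The job also declares no `permissions:` block; unless the workflow sets a restrictive top-level default (not visible in this hunk), adding `permissions:` / `  contents: read` to the job limits the token to what the checkout needs. I cannot tell from here whether `sbom-scan` uploads its output, so if it does not, an `actions/upload-artifact` step after it is needed for the SBOM to be retained rather than discarded with the runner.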