Rolling back the test SBOM changes

Author: sathiya-nhs

.github/workflows/sbom-test.yml

@@ -11,164 +11,100 @@ on:
           - yes
           - no
 
-# env:
-#   SYFT_VERSION: "1.27.1"
-#   TF_VERSION: "1.12.2"
-
-# jobs:
-#   deploy:
-#     name: Software Bill of Materials
-#     runs-on: ubuntu-latest
-#     permissions:
-#       actions: read
-#       contents: write
-#     steps:
-#       - name: Checkout
-#         uses: actions/checkout@v5        
-
-#       - name: Setup Python 3.13
-#         uses: actions/setup-python@v5
-#         with:
-#           python-version: "3.13"
-
-#       - name: Setup Terraform
-#         uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
-
-#       - uses: terraform-linters/setup-tflint@ae78205cfffec9e8d93fd2b3115c7e9d3166d4b6
-#         name: Setup TFLint
-
-#       - name: Set architecture variable
-#         id: os-arch
-#         run: |
-#           case "${{ runner.arch }}" in
-#             X64) ARCH="amd64" ;;
-#             ARM64) ARCH="arm64" ;;
-#           esac
-#           echo "arch=${ARCH}" >> $GITHUB_OUTPUT
-
-#       - name: Download and setup Syft
-#         run: |
-#           DOWNLOAD_URL="https://github.com/anchore/syft/releases/download/v${{ env.SYFT_VERSION }}/syft_${{ env.SYFT_VERSION }}_linux_${{ steps.os-arch.outputs.arch }}.tar.gz"
-#           echo "Downloading: ${DOWNLOAD_URL}"
-
-#           curl -L -o syft.tar.gz "${DOWNLOAD_URL}"
-#           tar -xzf syft.tar.gz
-#           chmod +x syft
-
-#           # Add to PATH for subsequent steps
-#           echo "$(pwd)" >> $GITHUB_PATH       
-
-#       - name: Create SBOM
-#         run: bash scripts/create-sbom.sh terraform python tflint
-
-#       - name: Convert SBOM JSON to CSV
-#         run: |
-#           pip install --upgrade pip
-#           pip install tabulate  
-#           REPO_NAME=$(basename $GITHUB_REPOSITORY)
-#           python .github/scripts/sbom_json_to_csv.py sbom.json SBOM_${REPO_NAME}.csv
-
-#       - name: Upload SBOM CSV as artifact
-#         uses: actions/upload-artifact@v4
-#         with:
-#           name: sbom-csv
-#           path: SBOM_${{ github.event.repository.name }}.csv
-
-#       - name: Install Grype
-#         run: |
-#           curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-
-#       - name: Scan SBOM for Vulnerabilities (JSON)
-#         run: |
-#           grype sbom:sbom.json -o json > grype-report.json
-          
-      
-
-#       - name: Convert Grype JSON to CSV
-#         run: |
-#           pip install --upgrade pip
-#           REPO_NAME=$(basename $GITHUB_REPOSITORY)
-#           python .github/scripts/grype_json_to_csv.py grype-report.json grype-report-${REPO_NAME}.csv
-
-
-#       - name: Upload Vulnerability Report
-#         uses: actions/upload-artifact@v4
-#         with:
-#           name: grype-report
-#           path: grype-report-${{ github.event.repository.name }}.csv
-
-#       - name: Generate Package Inventory CSV
-#         run: |
-#           pip install --upgrade pip
-#           REPO_NAME=$(basename $GITHUB_REPOSITORY)
-#           python .github/scripts/sbom_packages_to_csv.py sbom.json $REPO_NAME
-
-#       - name: Upload Package Inventory CSV
-#         uses: actions/upload-artifact@v4
-#         with:
-#           name: sbom-packages
-#           path: sbom-packages-${{ github.event.repository.name }}.csv
+env:
+  SYFT_VERSION: "1.27.1"
+  TF_VERSION: "1.12.2"
 
 jobs:
-  sbom:
-    runs-on: ubuntu-22.04
-    container:
-      image: python:3.13-slim
-
+  deploy:
+    name: Software Bill of Materials
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5        
 
-      - name: Install Poetry and Tools
-        run: |
-          apt-get update && apt-get install -y curl
-          curl -sSL https://install.python-poetry.org | python3 -
-          export PATH="$HOME/.local/bin:$PATH"
-          pip install cyclonedx-bom tabulate
+      - name: Setup Python 3.13
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
 
-      
-      - name: Install Grype
-        run: |
-          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
 
+      - uses: terraform-linters/setup-tflint@ae78205cfffec9e8d93fd2b3115c7e9d3166d4b6
+        name: Setup TFLint
 
-      - name: Install dependencies
+      - name: Set architecture variable
+        id: os-arch
         run: |
-          export PATH="$HOME/.local/bin:$PATH"
-          poetry install
+          case "${{ runner.arch }}" in
+            X64) ARCH="amd64" ;;
+            ARM64) ARCH="arm64" ;;
+          esac
+          echo "arch=${ARCH}" >> $GITHUB_OUTPUT
 
-      # Generate SBOM in JSON
-      - name: Generate SBOM (CycloneDX)
+      - name: Download and setup Syft
         run: |
-          cyclonedx-py poetry -o sbom.json --of json
+          DOWNLOAD_URL="https://github.com/anchore/syft/releases/download/v${{ env.SYFT_VERSION }}/syft_${{ env.SYFT_VERSION }}_linux_${{ steps.os-arch.outputs.arch }}.tar.gz"
+          echo "Downloading: ${DOWNLOAD_URL}"
+
+          curl -L -o syft.tar.gz "${DOWNLOAD_URL}"
+          tar -xzf syft.tar.gz
+          chmod +x syft
+
+          # Add to PATH for subsequent steps
+          echo "$(pwd)" >> $GITHUB_PATH       
+
+      - name: Create SBOM
+        run: bash scripts/create-sbom.sh terraform python tflint
 
-      # Convert SBOM JSON to CSV
       - name: Convert SBOM JSON to CSV
         run: |
-          python .github/scripts/sbom_json_to_csv.py sbom.json sbom.csv
+          pip install --upgrade pip
+          pip install tabulate  
+          REPO_NAME=$(basename $GITHUB_REPOSITORY)
+          python .github/scripts/sbom_json_to_csv.py sbom.json SBOM_${REPO_NAME}.csv
 
-      - name: Upload SBOM artifacts
+      - name: Upload SBOM CSV as artifact
         uses: actions/upload-artifact@v4
         with:
-          name: sbom-files
-          path: |
-            sbom.json
-            sbom.csv
+          name: sbom-csv
+          path: SBOM_${{ github.event.repository.name }}.csv
 
-      # Scan SBOM for vulnerabilities
-      - name: Scan SBOM for Vulnerabilities
+      - name: Install Grype
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+
+      - name: Scan SBOM for Vulnerabilities (JSON)
         run: |
           grype sbom:sbom.json -o json > grype-report.json
+          
+      
 
-      # Convert Grype JSON to CSV
       - name: Convert Grype JSON to CSV
         run: |
-          python .github/scripts/grype_json_to_csv.py grype-report.json grype-report.csv
+          pip install --upgrade pip
+          REPO_NAME=$(basename $GITHUB_REPOSITORY)
+          python .github/scripts/grype_json_to_csv.py grype-report.json grype-report-${REPO_NAME}.csv
+
 
       - name: Upload Vulnerability Report
         uses: actions/upload-artifact@v4
         with:
           name: grype-report
-          path: |
-            grype-report.json
-            grype-report.csv
+          path: grype-report-${{ github.event.repository.name }}.csv
+
+      - name: Generate Package Inventory CSV
+        run: |
+          pip install --upgrade pip
+          REPO_NAME=$(basename $GITHUB_REPOSITORY)
+          python .github/scripts/sbom_packages_to_csv.py sbom.json $REPO_NAME
+
+      - name: Upload Package Inventory CSV
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-packages
+          path: sbom-packages-${{ github.event.repository.name }}.csv