name: "Microsft SBOM"
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Installing SBOM
      run: |
        curl -Lo $RUNNER_TEMP/sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
        chmod +x $RUNNER_TEMP/sbom-tool

    - name: Generate SBOM
      run: |
        mkdir SBOMOUTPUT
        $RUNNER_TEMP/sbom-tool generate -b SBOMOUTPUT/ -bc . -pn ${{ github.repository }} -pv alpha -ps wipro -nsb https://github.com/hashicorp/vagrant
    
    - name: Upload SBOM artifact
      uses: actions/upload-artifact@v3
      with:
        name: sbom
        path: SBOMOUTPUT/_manifest/spdx_2.2/manifest.spdx.json