Fix SBOM generation of frontend

puzzle · Feb 5, 2024 · d4bf076 · d4bf076
1 parent 5494691
commit d4bf076
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -26,13 +26,13 @@ jobs:
           cdxgen -o ./sbom-ruby.xml -t ruby .
 
       - name: 'Generate SBOM for npm dependencies'
-        working-directory: frontend
         run: |
-          cdxgen -o ../sbom-npm.xml -t npm .
+          cdxgen -o ./sbom-npm.xml -t npm .
 
       - name: 'Merge frontend and backend SBOMs'
-        run: |
-          docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/sbom-ruby.xml data/sbom-npm.xml --output-file data/sbom.xml
+        uses: docker://cyclonedx/cyclonedx-cli
+        with:
+          args: merge --input-files data/sbom-ruby.xml data/sbom-npm.xml --output-file sbom.xml
 
       - name: 'Push merged SBOM to dependency track'
         env: