fix(actions): static analysis on pre

Andre Vieira · Andre Vieira · commit 0309be7db46a · 2024-03-25T12:00:41.000Z
diff --git a/.github/workflows/prereleased.yaml b/.github/workflows/prereleased.yaml
@@ -26,7 +26,7 @@ env:
 
 permissions:
   id-token: write
-  contents: read
+  contents: write
   packages: read
 
 
@@ -167,3 +167,31 @@ jobs:
         git config user.name "Azory YData Bot"
         git commit -a -m "chore(bump): [CI] [DEV] bump ${{ env.COMPONENT }} package ${{ matrix.package }} to $VERSION"
         git push origin master
+
+
+  static-analysis:
+    name: Static Analysis
+    runs-on:
+    #- self-hosted
+    #- large
+    - ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Create SBOM
+      uses: anchore/sbom-action@v0
+      with:
+        upload-artifact-retention: 1
+        format: cyclonedx-json
+        output-file: package-sbom.cyclonedx.json
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ secrets.AWS_S3_SBOMS_ROLE_ARN }}
+        aws-region: ${{ env.AWS_S3_REGION }}
+
+    - name: Copy SBOM to S3
+      run: |
+        aws s3 cp package-sbom.cyclonedx.json s3://repos-sboms/${{ github.event.repository.name }}/package-sbom.cyclonedx.json
