remove spdx

pasha-codefresh · pasha-codefresh · commit 3c5b69ade644 · 2023-07-19T13:20:04.000+03:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -134,37 +134,6 @@ jobs:
           make release-plugins
           make manifests IMAGE_TAG=${{ github.event.inputs.tag }}
 
-      - name: Generate SBOM (spdx)
-        id: spdx-builder
-        env:
-          # defines the spdx/spdx-sbom-generator version to use.
-          SPDX_GEN_VERSION: v0.0.13
-          # defines the sigs.k8s.io/bom version to use.
-          SIGS_BOM_VERSION: v0.2.1
-          # comma delimited list of project relative folders to inspect for package
-          # managers (gomod, yarn, npm).
-          PROJECT_FOLDERS: ".,./ui"
-          # full qualified name of the docker image to be inspected
-          DOCKER_IMAGE: quay.io/codefresh/argo-rollouts:${{ github.event.inputs.tag }}
-
-        run: |
-          yarn install --cwd ./ui
-          go install github.com/spdx/spdx-sbom-generator/cmd/generator@$SPDX_GEN_VERSION
-          go install sigs.k8s.io/bom/cmd/bom@$SIGS_BOM_VERSION
-
-          # Generate SPDX for project dependencies analyzing package managers
-          for folder in $(echo $PROJECT_FOLDERS | sed "s/,/ /g")
-          do
-            generator -p $folder -o /tmp
-          done
-
-          # Generate SPDX for binaries analyzing the docker image
-          if [[ ! -z $DOCKER_IMAGE ]]; then
-            bom generate -o /tmp/bom-docker-image.spdx -i $DOCKER_IMAGE
-          fi
-
-          cd /tmp && tar -zcf sbom.tar.gz *.spdx
-
       - name: Draft release
         uses: softprops/action-gh-release@v1
         with:
