Added checksum creation for sbom v8.5.0

swmal · swmal · commit d45ce3b5d867 · 2026-03-19T13:18:29.000+01:00
diff --git a/.github/workflows/Build-Release.yml b/.github/workflows/Build-Release.yml
@@ -1,3 +1,7 @@
+# This workflow will build, test, sign and pack the release branches for EPPlus.
+# It will also generate and publish an SBOM
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
+
 name: Build Release Branches
 
 on:
@@ -30,6 +34,12 @@ jobs:
       shell: pwsh
     - name: Generate SBOM
       run: dotnet CycloneDX ./src/EPPlus/EPPlus.csproj -o ./sbom -F Json -st Library -sv ${{ env.VERSION }} -fn epplus-${{ env.VERSION }}.sbom.json -imp ./src/EPPlus/sbom-metadata-template.xml
+    - name: Generate SHA-256 checksum for SBOM
+      run: |
+        $sbomFile = "./sbom/epplus-${{ env.VERSION }}.sbom.json"
+        $hash = (Get-FileHash -Path $sbomFile -Algorithm SHA256).Hash.ToLower()
+        "$hash  epplus-${{ env.VERSION }}.sbom.json" | Out-File -FilePath "./sbom/epplus-${{ env.VERSION }}.sbom.json.sha256" -Encoding utf8NoBOM
+      shell: pwsh
     # --- SBOM ---
 
     - name: Build
@@ -92,10 +102,21 @@ jobs:
           --auth-mode login `
           --overwrite
       shell: pwsh
-
+    - name: Upload SBOM checksum to Azure Blob Storage
+      run: |
+        az storage blob upload `
+          --account-name eppluswebprod `
+          --container-name sbom `
+          --name epplus-${{ env.VERSION }}.sbom.json.sha256 `
+          --file ./sbom/epplus-${{ env.VERSION }}.sbom.json.sha256 `
+          --auth-mode login `
+          --overwrite
+      shell: pwsh
     - name: Upload SBOM as artifact
       uses: actions/upload-artifact@v4
       with:
           name: sbom
-          path: ./sbom/epplus-${{ env.VERSION }}.sbom.json
-    # --- SBOM ---
+          path: |
+            ./sbom/epplus-${{ env.VERSION }}.sbom.json
+            ./sbom/epplus-${{ env.VERSION }}.sbom.json.sha256
+    # --- SBOM ---
