ci: update gh workflow

Signed-off-by: Sonu Saha <[email protected]>

Author: ahasunos

Diff for: .github/workflows/bundler_audit.yml

@@ -1,30 +1,73 @@
-name: Bundler Audit / Vulnerability Scan
+name: Download SBOM from Insights and Convert to CSV
+
+# on:
+#   workflow_dispatch:
+
+
+# # NOTE: We would probably want to run this workflow on every push to main and not on pull requests
+# # on:
+# #   push:
+# #     branches:
+# #       - main
 
 on:
-  schedule:
-    - cron: '0 0 * * 0' # Weekly on Sundays at midnight
-  push:
-    branches:
-      - main
   pull_request:
     branches:
       - main
 
 jobs:
-  audit:
+  convert-sbom:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout code
+    - name: Checkout Code
       uses: actions/checkout@v3
 
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 3.2
+    - name: Set Timestamp and Unique Filename
+      run: |
+        FILE_PREFIX=$(echo "${{ github.repository }}" | sed 's|/|-|g')-$(date +%Y%m%d%H%M%S)
+        echo "FILE_PREFIX=${FILE_PREFIX}" >> $GITHUB_ENV
+
+    - name: Download SBOM
+      run: |
+        curl -L \
+          -H "Accept: application/vnd.github+json" \
+          -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          https://api.github.com/repos/${{ github.repository }}/dependency-graph/sbom \
+          -o "${FILE_PREFIX}-sbom.json"
 
-    - name: Install dependencies
-      run: bundle install
+    - name: Verify SBOM JSON File
+      run: |
+        ls -l "${FILE_PREFIX}-sbom.json"
 
-    - name: Run Bundler Audit
-      run: bundle exec bundler-audit check --update
+    - name: Preview SBOM JSON Content
+      run: |
+        head -n 20 "${FILE_PREFIX}-sbom.json"
+
+    - name: Convert SBOM to CSV using jq
+      run: |
+        jq -r '
+          .sbom.packages[] | [
+            .name,
+            .SPDXID,
+            .versionInfo,
+            .downloadLocation,
+            ( .externalRefs[]? | .referenceLocator )
+          ] | @csv' "${FILE_PREFIX}-sbom.json" > "${FILE_PREFIX}-sbom.csv"
+
+    - name: Verify SBOM CSV File
+      run: |
+        ls -l "${FILE_PREFIX}-sbom.csv"
+
+    - name: Upload SBOM JSON as Artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: sbom-json
+        path: ${{ env.FILE_PREFIX }}-sbom.json
+
+    - name: Upload SBOM CSV as Artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: sbom-csv
+        path: ${{ env.FILE_PREFIX }}-sbom.csv