v7.17.1 #4

	name: Dtrack SBOM publish

	env:
	NODE_VERSION: "24"

	on:
	release:
	types:
	- released
	- prereleased

	jobs:
	publish-sbom-to-dtrack:
	name: Publish SBOM to Dependency-Track
	runs-on: ubuntu-24.04
	steps:
	- name: Checkout project
	uses: actions/checkout@v6

	- name: Install additional libraries
	uses: ./.github/actions/install-packages

	- name: Node version ${{ env.NODE_VERSION }}
	uses: actions/setup-node@v6
	with:
	node-version: ${{ env.NODE_VERSION }}

	- run: npm install
	- name: Create SBOM with CycloneDX
	run: npx @cyclonedx/cyclonedx-npm -o bom.xml --of=XML

	- name: Get the current project version from package.json
	id: get-version
	run: \|
	echo "version=$(jq -r .version package.json)" >> $GITHUB_OUTPUT

	- name: Publish SBOM to Dependency-Track
	uses: DependencyTrack/gh-upload-sbom@v3
	with:
	serverhostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
	apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
	projectname: 'Kuzzle SDK JavaScript'
	projectversion: '${{ steps.get-version.outputs.version }}'
	bomfilename: "./bom.xml"
	autocreate: true

Provide feedback