Correctly attest SBOM file
danjov committed Nov 8, 2024
1 parent af970be commit 9b34f73
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion .github/workflows/pre-release.yml
Expand Up @@ -77,12 +77,15 @@ jobs:
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

- name: Extract SBOM in SPDX format
run: docker sbom ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} --format spdx-json --output sbom.spdx.json

- name: Generate SBOM attestation
uses: actions/attest-sbom@v1
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
sbom-path: 'sbom.json'
sbom-path: 'sbom.spdx.json'
push-to-registry: true

- name: Create GitHub pre-release
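
Review bot: The new `docker sbom` step scans `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}` with no tag or digest, while the attestation step right after it is bound to `${{ steps.push.outputs.digest }}`. A bare image name resolves to whatever the default tag points at when the step runs, so the generated `sbom.spdx.json` can describe a different image than the digest it is attested against. Consider scanning `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}` so both steps refer to the same image, and fail the job if `sbom.spdx.json` is missing or empty before the attest step runs.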