From 9f3cc0f8e9637ddada0fab1f7cc41a970c89400f Mon Sep 17 00:00:00 2001
From: Denys Melnyk <denis@codefresh.io>
Date: Mon, 21 Aug 2023 15:57:01 +0300
Subject: [PATCH] fix workflows/release.yml file upload

---
 .github/workflows/release.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6dd0b13b28..8bf7bb07ee 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -142,7 +142,7 @@ jobs:
       - uses: actions/download-artifact@v3
         with:
           name: sbom.tar.gz
-          path: dist/
+          path: /tmp
 
       - name: Registry Login
         uses: docker/login-action@v2
@@ -172,7 +172,7 @@ jobs:
         run: |
           cosign sign -y quay.io/${{ secrets.QUAYIO_ORG }}/argo-events@$IMAGE_DIGEST
           cosign sign-blob -y ./dist/argo-events-checksums.txt > ./dist/argo-events-checksums.sig
-          cosign sign-blob -y ./dist/sbom.tar.gz > ./dist/sbom.tar.gz.sig
+          cosign sign-blob -y /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
 
       - name: Release binaries
         uses: softprops/action-gh-release@v1
@@ -183,7 +183,7 @@ jobs:
             dist/argo-events-checksums.txt
             dist/argo-events-checksums.sig
             manifests/*.yaml
-            dist/sbom.tar.gz
-            dist/sbom.tar.gz.sig
+            /tmp/sbom.tar.gz
+            /tmp/sbom.tar.gz.sig
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}