Skip to content

Commit

Permalink
attach attestation using cosign
Browse files Browse the repository at this point in the history
  • Loading branch information
@dtrai2
dtrai2 committed Dec 17, 2024
1 parent d409118 commit 64bf655
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -181,11 +181,12 @@ jobs:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}

- name: Add SBOM to container image
- name: Create SBOM of container image
uses: anchore/sbom-action@v0
with:
image: ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }}@${{ steps.build-and-push.outputs.digest }}
artifact-name: py${{ matrix.python-version }}-${{ github.head_ref }}.spdx.json

- uses: anchore/sbom-action/publish-sbom@v0
with:
sbom-artifact-match: ".*\\.spdx$"
- name: Attach SBOM attestation to image
run: |
cosign attach attestation --attestation py${{ matrix.python-version }}-${{ github.head_ref }}.spdx.json ghcr.io/fkie-cad/logprep:py${{ matrix.python-version }}-${{ github.head_ref }}@${{ steps.build-and-push.outputs.digest }}

0 comments on commit 64bf655

Please sign in to comment.