diff --git a/.github/workflows/update-dependencies-from-metadata.yml b/.github/workflows/update-dependencies-from-metadata.yml index 1b25cff6..894f71a4 100644 --- a/.github/workflows/update-dependencies-from-metadata.yml +++ b/.github/workflows/update-dependencies-from-metadata.yml @@ -5,6 +5,13 @@ on: schedule: - cron: '57 13 * * *' # daily at 13:57 UTC +env: + AWS_REGION : "us-east-1" +permissions: + id-token: write # This is required for requesting the JWT + contents: write # This is required for actions/checkout + + jobs: retrieve: name: Retrieve New Versions and Generate Metadata @@ -221,6 +228,12 @@ jobs: echo "artifact-file=$(basename ./*.tgz)" >> "$GITHUB_OUTPUT" echo "checksum-file=$(basename ./*.tgz.checksum)" >> "$GITHUB_OUTPUT" + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.ROLE }} + aws-region: ${{ env.AWS_REGION }} + - name: Get Checksum id: get-checksum run: echo "checksum=$(cat ${{ steps.get-file-names.outputs.checksum-file }})" >> "$GITHUB_OUTPUT" diff --git a/dependency/retrieval/retrieve.go b/dependency/retrieval/retrieve.go index 54ec912b..1933f024 100644 --- a/dependency/retrieval/retrieve.go +++ b/dependency/retrieval/retrieve.go @@ -78,7 +78,7 @@ func generateMetadata(hasVersion versionology.VersionFetcher) ([]versionology.De Licenses: retrieve.LookupLicenses(nginxURL, decompress), PURL: retrieve.GeneratePURL("nginx", nginxVersion, sourceSHA, nginxURL), CPE: fmt.Sprintf("cpe:2.3:a:nginx:nginx:%s:*:*:*:*:*:*:*", nginxVersion), - Stacks: []string{"io.buildpacks.stacks.bionic"}, + Stacks: []string{"Initializ Distroless Stack"}, } bionicDependency, err := versionology.NewDependency(dep, "bionic") @@ -86,7 +86,7 @@ func generateMetadata(hasVersion versionology.VersionFetcher) ([]versionology.De return nil, fmt.Errorf("could get sha: %w", err) } - dep.Stacks = []string{"io.buildpacks.stacks.jammy"} + dep.Stacks = []string{"Initializ Distroless Stack"} jammyDependency, err := versionology.NewDependency(dep, "jammy") if err != nil {