Skip to content

Commit

Permalink
Merge pull request #117 from SovereignCloudStack/kr/use-json-formatting
Browse files Browse the repository at this point in the history
🌱 generate SBOM in json format with bom
  • Loading branch information
kranurag7 authored and kranurag7 committed Apr 24, 2024
2 parents 7cf3640 + f72baf0 commit baecfb6
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -83,12 +83,11 @@ jobs:
- name: Generate SBOM CSO
shell: bash
# To-Do: generate SBOM from source after https://github.com/kubernetes-sigs/bom/issues/202 is fixed
# To-Do: format SBOM output to json after cosign v2.0 is released with https://github.com/sigstore/cosign/pull/2479
run: |
bom generate -o sbom_ci_main_cso_${{ steps.metacso.outputs.version }}-spdx.json \
bom generate --format=json -o sbom_ci_main_cso_${{ steps.metacso.outputs.version }}-spdx.json \
--image=ghcr.io/sovereigncloudstack/cso:${{ steps.metacso.outputs.version }}
- name: Attach SBOM to Container Images cso
- name: Attest SBOM to Container Images cso
run: |
cosign attest --yes --type=spdxjson --predicate sbom_ci_main_cso_${{ steps.metacso.outputs.version }}-spdx.json ghcr.io/sovereigncloudstack/cso@${{ steps.docker_build_release_cso.outputs.digest }}
Expand Down Expand Up @@ -132,6 +131,7 @@ jobs:
- manager-image
steps:
- name: Set env
shell: bash
run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV

- name: checkout code
Expand Down

0 comments on commit baecfb6

Please sign in to comment.