@@ -124,7 +124,7 @@ jobs:
124124 annotations : ${{ inputs.set-meta-annotations && steps.meta.outputs.annotations || '' }}
125125 github-token : ${{ secrets.github-token || github.token }}
126126 -
127- name : Get attestations manifest digest
127+ name : Get attestations digest
128128 id : attest
129129 uses : actions/github-script@v7
130130 env :
@@ -141,11 +141,28 @@ jobs:
141141 throw new Error(res.stderr);
142142 }
143143 manifest = JSON.parse(res.stdout.trim());
144- core.info(JSON.stringify(manifest, null, 2));
145144 });
146145 });
146+
147+ let attestationManifestDigests = [];
147148 await core.group(`Get attestations manifest digest`, async () => {
148- const attestationDigests = manifest.manifests.filter(m => m.annotations && m.annotations['vnd.docker.reference.type'] === 'attestation-manifest').map(m => m.digest);
149+ attestationManifestDigests = manifest.manifests.filter(m => m.annotations && m.annotations['vnd.docker.reference.type'] === 'attestation-manifest').map(m => m.digest);
150+ core.info(JSON.stringify(attestationManifestDigests, null, 2));
151+ });
152+
153+ await core.group(`Get attestations digest`, async () => {
154+ let attestationDigests = [];
155+ for (const digest of attestationManifestDigests) {
156+ await exec.getExecOutput('docker', ['buildx', 'imagetools', 'inspect', `${core.getInput('image-name')}@${digest}`, '--format', '{{json .Digest}}'], {
157+ ignoreReturnCode: true
158+ }).then(res => {
159+ if (res.stderr.length > 0 && res.exitCode != 0) {
160+ throw new Error(res.stderr);
161+ }
162+ manifest = JSON.parse(res.stdout.trim());
163+ attestationDigests = attestationDigests.concat(manifest.layers.map(layer => layer.digest));
164+ });
165+ }
149166 core.info(JSON.stringify(attestationDigests, null, 2));
150167 core.setOutput('digests', attestationDigests.join('\n'));
151168 });
0 commit comments