Skip to content

Commit

Permalink
fixup! ci: use cosign attest directly instead of syft attest
Browse files Browse the repository at this point in the history
  • Loading branch information
Nirusu committed Feb 21, 2023
1 parent f61cfb6 commit 1528beb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/actions/container_sbom/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ runs:
run: |
set -ex
syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
cosign attest --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type cyclonedx > container-image.att.json
cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type cyclonedx > container-image.att.json
cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json
# TODO: type should be auto-discovered after issue is resolved:
# https://github.com/sigstore/cosign/issues/2264
Expand Down

0 comments on commit 1528beb

Please sign in to comment.