From 1528beb5c107d297eec50834be57d2e51bc4da44 Mon Sep 17 00:00:00 2001 From: Nils Hanke Date: Tue, 21 Feb 2023 16:05:53 +0100 Subject: [PATCH] fixup! ci: use cosign attest directly instead of syft attest --- .github/actions/container_sbom/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/container_sbom/action.yml b/.github/actions/container_sbom/action.yml index 8372d3238e1..8ce055ca48c 100644 --- a/.github/actions/container_sbom/action.yml +++ b/.github/actions/container_sbom/action.yml @@ -34,7 +34,7 @@ runs: run: | set -ex syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json - cosign attest --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type cyclonedx > container-image.att.json + cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type cyclonedx > container-image.att.json cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json # TODO: type should be auto-discovered after issue is resolved: # https://github.com/sigstore/cosign/issues/2264