From 350ccb26472ab82b74a6916a6e8d1126fa83437d Mon Sep 17 00:00:00 2001 From: Nils Hanke Date: Thu, 2 Feb 2023 16:28:37 +0100 Subject: [PATCH] ci: workaround Syft overwriting COSIGN_PASSWORD --- .github/actions/container_sbom/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/container_sbom/action.yml b/.github/actions/container_sbom/action.yml index 5b68d6d2b89..8093c37bb88 100644 --- a/.github/actions/container_sbom/action.yml +++ b/.github/actions/container_sbom/action.yml @@ -31,6 +31,7 @@ runs: COSIGN_PUBLIC_KEY: ${{ inputs.cosignPublicKey }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} COSIGN_PASSWORD: ${{ inputs.cosignPassword }} + SYFT_ATTEST_PASSWORD: ${{ inputs.cosignPassword }} # Required for Syft 0.69.0+ as they overwrite COSIGN_PASSWORD run: | set -ex echo "$COSIGN_PRIVATE_KEY" > cosign.key