File tree Expand file tree Collapse file tree 1 file changed +13
-1
lines changed Expand file tree Collapse file tree 1 file changed +13
-1
lines changed Original file line number Diff line number Diff line change @@ -64,12 +64,24 @@ jobs:
6464 env :
6565 IMAGE : ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
6666
67+ - uses : anchore/sbom-action@v0
68+ with :
69+ image : ${{ env.IMAGE }}
70+ format : spdx-json
71+ artifact-name : sbom.spdx.json
72+ output-file : /tmp/sbom.spdx.json
73+ env :
74+ IMAGE : ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
75+
6776 - name : Add Container Image Artifact
6877 run : chainloop attestation add --name image --value ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
6978
70- - name : Add SBOM Artifact
79+ - name : Add CycloneDX SBOM Artifact
7180 run : chainloop attestation add --name sbom --value /tmp/sbom.cyclonedx.json
7281
82+ - name : Add SPDX SBOM Artifact
83+ run : chainloop attestation add --name sbom --value /tmp/sbom.spdx.json
84+
7385 - name : Add Binary Artifact
7486 run : |
7587 BINARY_PATH="$(echo -n '${{ steps.release.outputs.metadata }}' | jq -r '"dist/" + .project_name + "_" + .version + "_" + .runtime.goos + "_" + .runtime.goarch + ".tar.gz"')"
You can’t perform that action at this time.
0 commit comments