ci: specify URL predicate because shortnames are unreliable
parent
3c24fa37e8
commit
9b1c9f971f
4
.github/actions/container_sbom/action.yml
vendored
4
.github/actions/container_sbom/action.yml
vendored
@ -34,9 +34,9 @@ runs:
|
|||||||
run: |
|
run: |
|
||||||
set -ex
|
set -ex
|
||||||
syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
|
syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
|
||||||
cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type cyclonedx > container-image.att.json
|
cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json
|
||||||
cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json
|
cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json
|
||||||
# TODO: type should be auto-discovered after issue is resolved:
|
# TODO: type should be auto-discovered after issue is resolved:
|
||||||
# https://github.com/sigstore/cosign/issues/2264
|
# https://github.com/sigstore/cosign/issues/2264
|
||||||
cosign verify-attestation ${{ inputs.containerReference }} --type 'https://cyclonedx.org/bom' --key env://COSIGN_PUBLIC_KEY
|
cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY
|
||||||
grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none
|
grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none
|
||||||
|
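Review bot: `${{ inputs.containerReference }}` is still expanded by the Actions runner directly into the script text on every command of this `run:` block, including the changed `cosign attest` line, so a reference containing shell metacharacters would be interpreted by the shell instead of being passed as a single argument. Passing it through the step environment, `CONTAINER_REFERENCE: ${{ inputs.containerReference }}`, and using `"${CONTAINER_REFERENCE}"` in the syft, cosign and grype calls avoids that; the step begins outside the hunk, so whether it already has an `env:` block to extend is not visible here. Separately, if the reference can be a mutable tag rather than a digest, each command resolves it on its own, so the image that is scanned, attested, verified and checked by grype is not guaranteed to be the same one; resolving it to a digest once and reusing that value would close the gap. The predicate type URL now appears in both `cosign attest` and `cosign verify-attestation`, so the TODO comment above the verify step could say that it applies to both.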