ci: log cosign attest verification to file to release pipeline remove…

… hangs (keptn#2975) Signed-off-by: shivam <[email protected]>
Bharadwajshivam28 · Feb 20, 2024 · 40e81a4 · 40e81a4
1 parent 7dc250e
commit 40e81a4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -565,6 +565,7 @@ spanhandler
 spanid
 spanitem
 spdx
+spdxjson
 spf
 squidfunk
 sre

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -207,11 +207,21 @@ jobs:
         env:
           IMAGE_DIGEST: ${{ steps.docker_build_image.outputs.digest }}
         run: |
-          cosign attest --yes --type spdx --predicate ./sbom-${{ matrix.config.name }}.spdx.json ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
+          echo "Attesting SBOM for this release and image..."
+          cosign attest --yes --type spdxjson --predicate ./sbom-${{ matrix.config.name }}.spdx.json ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
+          echo "Verifying that the attestation worked..."
           cosign verify-attestation --type spdx \
             --certificate-identity-regexp="https://github.com/keptn/lifecycle-toolkit/.*" \
             --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
+            --output-file ./cosign-attest-output.json
             ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }}
+          echo "Result of verification:"
+
+      - name: Upload verification log as artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: cosign-attest-verification-log
+          path: ./cosign-attest-output.json
 
   update-examples:
     name: Update examples
-Original file line number
+Diff line change
@@ Expand Up / @@ -565,6 +565,7 @@ spanhandler @@
     spanid
     spanitem
     spdx
+    spdxjson
     spf
     squidfunk
     sre
@@ Expand Down @@