diff --git a/.github/workflows/dockerbuild.yml b/.github/workflows/dockerbuild.yml
index 9f1f71d..0b975bc 100755
--- a/.github/workflows/dockerbuild.yml
+++ b/.github/workflows/dockerbuild.yml
@@ -52,25 +52,25 @@ jobs:
 push: true
 platforms: linux/amd64,linux/arm64
 tags: |
- ghcr.io/${{ env.REPO }}/openunison-jib-builder3:latest
- ghcr.io/${{ env.REPO }}/openunison-jib-builder3:${{ env.TAG }}
- ghcr.io/${{ env.REPO }}/openunison-jib-builder3:${{ env.SHORT_TAG }}
+ ghcr.io/${{ env.REPO }}:latest
+ ghcr.io/${{ env.REPO }}:${{ env.TAG }}
+ ghcr.io/${{ env.REPO }}:${{ env.SHORT_TAG }}
 - name: sign images
 run: |-
- cosign sign -y ghcr.io/${{ env.REPO }}/openunison-jib-builder3:${{ env.TAG }}
+ cosign sign -y ghcr.io/${{ env.REPO }}:${{ env.TAG }}
 - uses: anchore/sbom-action@v0
 with:
- image: ghcr.io/${{ env.REPO }}/openunison-jib-builder3:${{ env.TAG }}
+ image: ghcr.io/${{ env.REPO }}:${{ env.TAG }}
 format: spdx
 output-file: /tmp/spdxg
 - name: attach sbom to images
 run: |-
- cosign attach sbom --sbom /tmp/spdxg ghcr.io/${{ env.REPO }}/openunison-jib-builder3:${{ env.TAG }}
- GH_SBOM_SHA=$(cosign verify --certificate-oidc-issuer-regexp='.*' --certificate-identity-regexp='.*' ghcr.io/${{ env.REPO }}/openunison-jib-builder3:${{ env.TAG }} 2>/dev/null | jq -r '.[0].critical.image["docker-manifest-digest"]' | cut -c 8-)
+ cosign attach sbom --sbom /tmp/spdxg ghcr.io/${{ env.REPO }}:${{ env.TAG }}
+ GH_SBOM_SHA=$(cosign verify --certificate-oidc-issuer-regexp='.*' --certificate-identity-regexp='.*' ghcr.io/${{ env.REPO }}:${{ env.TAG }} 2>/dev/null | jq -r '.[0].critical.image["docker-manifest-digest"]' | cut -c 8-)
 echo "GH_SBOM_SHA: $GH_SBOM_SHA"
- cosign sign -y ghcr.io/${{ env.REPO }}/openunison-jib-builder3:sha256-$GH_SBOM_SHA.sbom
\ No newline at end of file
+ cosign sign -y ghcr.io/${{ env.REPO }}:sha256-$GH_SBOM_SHA.sbom
\ No newline at end of file
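Review bot: The rewritten `cosign sign -y ghcr.io/${{ env.REPO }}:${{ env.TAG }}` line still signs by mutable tag, so the signature attaches to whatever manifest the tag resolves to when the step runs rather than to the image this job pushed. Sign the digest instead, e.g. `cosign sign -y ghcr.io/${{ env.REPO }}@${{ steps.<build-step-id>.outputs.digest }}`, assuming the push step above the hunk exposes a digest output (it starts outside the hunk, so its action and id need confirming). The same digest could replace the `cosign verify --certificate-oidc-issuer-regexp='.*' --certificate-identity-regexp='.*'` lookup in the last step, which accepts a signature from any identity and issuer and, with `2>/dev/null`, leaves `GH_SBOM_SHA` empty on failure so the final `cosign sign` targets `sha256-.sbom`. If the lookup stays, narrow both regexps to this workflow's identity and the GitHub Actions OIDC issuer, and add a guard such as `[ -n "$GH_SBOM_SHA" ] || exit 1` before the last line.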