Skip to content

Commit

Permalink
ci: test
Browse files Browse the repository at this point in the history 
Signed-off-by: r3drun3 <simone.ragonesi@sighup.io>
  • Loading branch information
@R3DRUN3
R3DRUN3 committed Jan 16, 2024
1 parent c6951cb commit 603200f
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion .github/workflows/patch.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
run: |
TAG=$(echo "${{ matrix.images }}" | grep -oP '(?<=:).*' | grep -oP '^[^/]+')
IMMUNIZED_TAG="${TAG}-immunized"
PATCHED_TAG_SBOM=$(echo "${IMMUNIZED_TAG}" | tr '/:' '-')
PATCHED_TAG_SBOM=$(echo "${{matrix.images}}" | tr '/:' '-')
echo "PATCHED_TAG=${IMMUNIZED_TAG}" >> $GITHUB_ENV
echo "PATCHED_TAG_SBOM=${PATCHED_TAG_SBOM}" >> $GITHUB_ENV
Expand Down Expand Up @@ -93,6 +93,21 @@ jobs:
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}

- name: Attach SBOM to Image
run: |
cosign attach sbom --sbom env://PATCHED_TAG_SBOM "ghcr.io/r3drun3/immunize/${{ steps.copa.outputs.patched-image }}"
env:
PATCHED_TAG_SBOM: ${{ env.PATCHED_TAG_SBOM }}

# - name: Sign SBOM with Cosign
# run: |
# cosign sign --yes --key env://COSIGN_PRIVATE_KEY "ghcr.io/r3drun3/immunize/${{ steps.copa.outputs.patched-image }}"
# env:
# COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
# COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
# PATCHED_TAG_SBOM: ${{ env.PATCHED_TAG_SBOM }}


send-mail-report:
runs-on: ubuntu-latest
Expand Down

0 comments on commit 603200f

Please sign in to comment.