Commit

add sboms
Signed-off-by: cpanato <ctadeu@gmail.com>
cpanato committed Sep 30, 2022
1 parent 6621a07 commit 213b873
Showing 3 changed files with 10 additions and 7 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/ci-goreleaser.yaml
Expand Up @@ -46,6 +46,9 @@ jobs:
- name: Install cosign
uses: sigstore/cosign-installer@v2

- name: Install syft
uses: anchore/sbom-action/download-syft@v0.12.0

- name: Generate the sources
run: make generate-sources
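
Review bot: The new `Install syft` step references `anchore/sbom-action/download-syft@v0.12.0` by tag, and a tag can be moved after the fact; because this job also installs cosign, pin the action to a full commit SHA and keep the version as a trailing comment. The neighbouring `sigstore/cosign-installer@v2` context line is referenced the same way and could be pinned in the same pass.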

3 changes: 3 additions & 0 deletions .github/workflows/release.yaml
Expand Up @@ -36,6 +36,9 @@ jobs:
- name: Install cosign
uses: sigstore/cosign-installer@v2

- name: Install syft
uses: anchore/sbom-action/download-syft@v0.12.0

- name: Generate distribution sources
run: make generate-sources
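
Review bot: This `Install syft` step is a verbatim copy of the one added to ci-goreleaser.yaml, so the `@v0.12.0` reference has to be bumped in two workflows, and the CI job only exercises the release path faithfully while the two stay identical. Add a comment tying the two steps together, or move the tool installation into one shared place. The step carries only a `uses:` line, so nothing here records which syft release produces the SBOMs for a given release; state it if SBOM output needs to be reproducible.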

11 changes: 4 additions & 7 deletions .goreleaser.yaml
Expand Up @@ -304,14 +304,11 @@ signs:
certificate: "${artifact}.pem"
cmd: cosign
args: ["sign-blob", "--output-signature", "${artifact}.sig", "--output-certificate", "${artifact}.pem", "${artifact}"]
artifacts: binary
- id: checksum
signature: "${artifact}.sig"
certificate: "${artifact}.pem"
cmd: cosign
args: ["sign-blob", "--output-signature", "${artifact}.sig", "--output-certificate", "${artifact}.pem", "${artifact}"]
artifacts: checksum
artifacts: all

docker_signs:
- artifacts: all
args: [ "sign", "${artifact}" ]

sboms:
- artifacts: any
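
Review bot: The new `sboms` entry sets only `artifacts: any`, with no `id`, `documents` or `args`, so the config does not show which files syft catalogs or what the resulting SBOM files are named; prefer an explicit artifact type (`archive` or `binary`) or spell out `documents` and `args`. In the same hunk, `signs` goes from `artifacts: binary` plus a separate `id: checksum` entry to a single `artifacts: all`, which widens signing to every release artifact with a `.sig` and `.pem` for each. Please state in the commit message that this is intended, whether the SBOM files are meant to be among the signed artifacts, and that any verification step relying on the checksum signature still finds it under the same name.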

0 comments on commit 213b873
