From 5a5a50bfea94bced78fe89c8e79ecd2e9c8c80aa Mon Sep 17 00:00:00 2001
From: Brian DeHamer
Date: Thu, 29 Feb 2024 16:30:33 -0800
Subject: [PATCH] for signing w/ private Sigstore instance (#16)

Signed-off-by: Brian DeHamer
---
 .github/workflows/ci.yml | 5 +++++
 README.md                | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b432f78..25ebc09 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,6 +60,8 @@ jobs:
       - name: Run attest-sbom
         id: attest-sbom
         uses: ./
+        env:
+          INPUT_PRIVATE-SIGNING: 'true'
         with:
           subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
           subject-name: 'subject'
@@ -86,7 +88,10 @@ jobs:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           sbom-format: 'spdx'
       - name: Run attest-sbom with cyclonedx format
+        id: attest-sbom
         uses: ./
+        env:
+          INPUT_PRIVATE-SIGNING: 'true'
         with:
           subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
           subject-name: 'subject'
diff --git a/README.md b/README.md
index 30ffe34..a1fdec6 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # `actions/attest-sbom`
 
 Generate signed SBOM attestations for workflow artifacts. Internally powered by
-the [@actions/attest-sbom][1] package.
+the [@actions/attest][1] package.
 
 Attestations bind some subject (a named artifact along with its digest) to a
 a Software Bill of Materials (SBOM) using the [in-toto][2] format. The action
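Review bot: The new `env:` block feeds the action an input through the `INPUT_PRIVATE-SIGNING` variable (the name `core.getInput('private-signing')` resolves to) instead of through `with:`, so the workflow parser never validates it and a reader cannot see from the `with:` block that this step exercises the private-instance path; the cyclonedx step in the second hunk does the same. If `private-signing` is a declared input in action.yml it should move under `with:`; if it is deliberately undeclared, a comment above the `env:` line should say so, e.g. `# private-signing is not a declared input; pass it via the INPUT_* env var the action reads`. The value presumably has to be the literal string `'true'` because the action parses it as a boolean — worth stating in that comment too. The enclosing job definition begins before this hunk.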
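Review bot: The added `id: attest-sbom` on the cyclonedx step reuses the id already carried by the `Run attest-sbom` step in the first hunk; if both steps belong to the same job (the collapsed indentation does not let me confirm this), GitHub rejects the workflow because step ids must be unique within a job, and any `steps.attest-sbom.outputs.*` reference would be ambiguous. Use a distinct id such as `id: attest-sbom-cyclonedx`, or drop the id if no later step consumes this step's outputs. The enclosing job starts before this hunk, so the consumer of the id is not visible here.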