Compare commits
3 Commits
predicate@
...
v1.0.0
| Author | SHA1 | Date | |
|---|---|---|---|
|
c168f2354d | ||
|
|
5448b22ebd | ||
|
|
b125530ffd |
18
README.md
18
README.md
@@ -38,7 +38,8 @@ attest:
|
|||||||
necessary to request a Sigstore signing certificate. The `attestations`
|
necessary to request a Sigstore signing certificate. The `attestations`
|
||||||
permission is necessary to persist the attestation.
|
permission is necessary to persist the attestation.
|
||||||
|
|
||||||
1. Add the following to your workflow after your artifact has been built:
|
1. Add the following to your workflow after your artifact has been built and
|
||||||
|
your SBOM has been generated:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/attest-sbom@v1
|
- uses: actions/attest-sbom@v1
|
||||||
@@ -56,7 +57,7 @@ attest:
|
|||||||
See [action.yml](action.yml)
|
See [action.yml](action.yml)
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/attest@v1
|
- uses: actions/attest-sbom@v1
|
||||||
with:
|
with:
|
||||||
# Path to the artifact serving as the subject of the attestation. Must
|
# Path to the artifact serving as the subject of the attestation. Must
|
||||||
# specify exactly one of "subject-path" or "subject-digest".
|
# specify exactly one of "subject-path" or "subject-digest".
|
||||||
@@ -129,12 +130,15 @@ jobs:
|
|||||||
- name: Build artifact
|
- name: Build artifact
|
||||||
run: make my-app
|
run: make my-app
|
||||||
- name: Generate SBOM
|
- name: Generate SBOM
|
||||||
run: make sbom
|
uses: anchore/sbom-action@v0
|
||||||
|
with:
|
||||||
|
format: 'spdx-json'
|
||||||
|
output-file: 'sbom.spdx.json'
|
||||||
- name: Attest
|
- name: Attest
|
||||||
uses: actions/attest-sbom@v1
|
uses: actions/attest-sbom@v1
|
||||||
with:
|
with:
|
||||||
subject-path: '${{ github.workspace }}/my-app'
|
subject-path: '${{ github.workspace }}/my-app'
|
||||||
sbom-path: '${{ github.workspace }}/my-app.sbom.spdx.json'
|
sbom-path: 'sbom.spdx.json'
|
||||||
```
|
```
|
||||||
|
|
||||||
### Identify Subjects by Wildcard
|
### Identify Subjects by Wildcard
|
||||||
@@ -202,7 +206,11 @@ jobs:
|
|||||||
push: true
|
push: true
|
||||||
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||||
- name: Generate SBOM
|
- name: Generate SBOM
|
||||||
run: make sbom
|
uses: anchore/sbom-action@v0
|
||||||
|
with:
|
||||||
|
image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||||
|
format: 'cyclonedx-json'
|
||||||
|
output-file: 'sbom.cyclonedx.json'
|
||||||
- name: Attest
|
- name: Attest
|
||||||
uses: actions/attest-sbom@v1
|
uses: actions/attest-sbom@v1
|
||||||
id: attest
|
id: attest
|
||||||
|
|||||||
@@ -45,11 +45,11 @@ outputs:
|
|||||||
runs:
|
runs:
|
||||||
using: 'composite'
|
using: 'composite'
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/attest-sbom/predicate@847c6befa7ce187c962fa6c3e6cd3c96e4da9565 # predicate@0.1.0
|
- uses: actions/attest-sbom/predicate@534423496eab34674190bc45fdacbb8b1198e07f # predicate@1.0.0
|
||||||
id: generate-sbom-predicate
|
id: generate-sbom-predicate
|
||||||
with:
|
with:
|
||||||
sbom-path: ${{ inputs.sbom-path || steps.sbom-output.outputs.path }}
|
sbom-path: ${{ inputs.sbom-path || steps.sbom-output.outputs.path }}
|
||||||
- uses: actions/attest@14e407ca15f1b08f4869fc058b059f7f1e434df6 # v0.1.0
|
- uses: actions/attest@495f094150e54d72538674c944ca4daf13e7c67d # v1.0.0
|
||||||
id: attest
|
id: attest
|
||||||
with:
|
with:
|
||||||
subject-path: ${{ inputs.subject-path }}
|
subject-path: ${{ inputs.subject-path }}
|
||||||
|
|||||||
Reference in New Issue
Block a user