File tree 2 files changed +8
-5
lines changed
2 files changed +8
-5
lines changed Original file line number Diff line number Diff line change @@ -271,9 +271,7 @@ jobs:
271271env :
272272 COSIGN_KEY : ${{secrets.COSIGN_KEY}}
273273
274- - uses : sigstore/cosign-installer@main
275- with :
276- cosign-release : ' v1.2.1'
274+ -
uses :
sigstore/[email protected] 277275
278276 - name : Generate SBOM
279277 run : |
Original file line number Diff line number Diff line change @@ -696,8 +696,13 @@ sbom/assets/kurl-sbom.tgz: generate-sbom
696696 tar -czf sbom/assets/kurl-sbom.tgz sbom/spdx/* .spdx
697697
698698sbom : sbom/assets/kurl-sbom.tgz
699- cosign sign-blob -key ./cosign.key sbom/assets/kurl-sbom.tgz > ./sbom/assets/kurl-sbom.tgz.sig
700- cosign public-key -key ./cosign.key -outfile ./sbom/assets/key.pub
699+ cosign sign-blob \
700+ --key ./cosign.key \
701+ --tlog-upload \
702+ --yes \
703+ --rekor-url=https://rekor.sigstore.dev \
704+ sbom/assets/kurl-sbom.tgz > ./sbom/assets/kurl-sbom.tgz.sig
705+ cosign public-key --key ./cosign.key --outfile ./sbom/assets/key.pub
701706
702707.PHONY : tag-and-release
703708tag-and-release : # # Create tags and release
You can’t perform that action at this time.
0 commit comments