Commit7824a2f

committed

fix: add continue-on-error to SBOM generation and force flag to cosign clean

Change-Id: Ide303c059b1a3d0e3fd77863310e99668325bc69Signed-off-by: Thomas Kosiewski <tk@coder.com>

1 parent0e878a8 commit7824a2fCopy full SHA for 7824a2f

File tree

-3

lines changed

-3

lines changed

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1182,6 +1182,7 @@ jobs:`
`1182`	`1182`
`1183`	`1183`	`-name:SBOM Generation and Attestation`
`1184`	`1184`	`if:github.ref == 'refs/heads/main'`
	`1185`	`+continue-on-error:true`
`1185`	`1186`	`env:`
`1186`	`1187`	`COSIGN_EXPERIMENTAL:1`
`1187`	`1188`	`run:\|`
`@@ -1200,7 +1201,7 @@ jobs:`
`1200`	`1201`	`syft "${IMAGE}" -o spdx-json > "${SBOM_FILE}"`
`1201`	`1202`
`1202`	`1203`	`echo "Attesting SBOM to image: ${IMAGE}"`
`1203`		`- cosign clean "${IMAGE}"`
	`1204`	`+ cosign clean--force=true"${IMAGE}"`
`1204`	`1205`	`cosign attest --type spdxjson \`
`1205`	`1206`	`--predicate "${SBOM_FILE}" \`
`1206`	`1207`	`--yes \`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -498,6 +498,7 @@ jobs:`
`498`	`498`
`499`	`499`	`-name:SBOM Generation and Attestation`
`500`	`500`	`if:${{ !inputs.dry_run }}`
	`501`	`+continue-on-error:true`
`501`	`502`	`env:`
`502`	`503`	`COSIGN_EXPERIMENTAL:"1"`
`503`	`504`	`run:\|`
`@@ -509,7 +510,7 @@ jobs:`
`509`	`510`
`510`	`511`	`# Attest SBOM to multi-arch image`
`511`	`512`	`echo "Attesting SBOM to multi-arch image: ${{ steps.build_docker.outputs.multiarch_image }}"`
`512`		`- cosign clean "${{ steps.build_docker.outputs.multiarch_image }}"`
	`513`	`+ cosign clean--force=true"${{ steps.build_docker.outputs.multiarch_image }}"`
`513`	`514`	`cosign attest --type spdxjson \`
`514`	`515`	`--predicate coder_${{ steps.version.outputs.version }}_sbom.spdx.json \`
`515`	`516`	`--yes \`
`@@ -522,7 +523,7 @@ jobs:`
`522`	`523`	`syft "${latest_tag}" -o spdx-json > coder_latest_sbom.spdx.json`
`523`	`524`
`524`	`525`	`echo "Attesting SBOM to latest image: ${latest_tag}"`
`525`		`- cosign clean "${latest_tag}"`
	`526`	`+ cosign clean--force=true"${latest_tag}"`
`526`	`527`	`cosign attest --type spdxjson \`
`527`	`528`	`--predicate coder_latest_sbom.spdx.json \`
`528`	`529`	`--yes \`

Comments

(0)