Commit 8475bc01 authored by Clement Bois's avatar Clement Bois
Browse files

Merge branch 'fix/sbom-bad-digest' into 'master' 

fix(sign): support sbom attestation with parallel matrix

Closes #138

See merge request to-be-continuous/docker!164
parents 6cce9b3d 821bc66d

templates/gitlab-ci-docker.yml

+1 −1
Original line number Diff line number Diff line
@@ -1320,7 +1320,7 @@ docker-sbom: 
        log_info "Attaching attested SBOM to ${DOCKER_SNAPSHOT_IMAGE}..."

        install_cosign

        configure_cosign_private_key

        $docker_cosign attest --key ${docker_cosign_private_key} ${DOCKER_COSIGN_OPTS} --predicate reports/docker-sbom-${basename}.cyclonedx.json ${docker_image_digest}

        $docker_cosign attest --key ${docker_cosign_private_key} ${DOCKER_COSIGN_OPTS} --predicate reports/docker-sbom-${basename}.cyclonedx.json ${DOCKER_SNAPSHOT_IMAGE}

      fi

  artifacts:

    name: "SBOM for docker from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"