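--- a/.github/actions/sbom-and-attest
+++ b/.github/actions/sbom-and-attest
@@ -101,6 +101,18 @@ runs:
 echo "sbom_file=$SBOM_FILE" >> "$GITHUB_OUTPUT"
 echo "::endgroup::"
 
+- name : Install Crane
+shell : bash
+run : |
+if ! command -v crane &> /dev/null; then
+echo "Installing crane..."
+CRANE_VERSION="v0.20.2"
+curl -sL "https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" | tar -xz crane
+sudo mv crane /usr/local/bin/crane
+sudo chmod +x /usr/local/bin/crane
+fi
+crane version
+
 - name : Install Cosign
 uses : sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
 
@@ -164,7 +176,7 @@ runs:
 --yes \
 --predicate "$SBOM_FILE" \
 --type cyclonedx \
---verbose=9 \
+--verbose \
 "${{ inputs.image_name }}@${DIGEST}" 2>&1 | tee /tmp/cosign-output.log; then
 echo "✓ Successfully attested $DIGEST"
 grep -i "pushing\|uploaded\|tlog" /tmp/cosign-output.log || echo "Warning: No upload confirmation in output"
@@ -180,7 +192,7 @@ runs:
 --yes \
 --predicate "$SBOM_FILE" \
 --type cyclonedx \
---verbose=9 \
+--verbose \
 "$IMAGE_REF" 2>&1 | tee /tmp/cosign-output.log; then
 echo "✓ Successfully attested image"
 grep -i "pushing\|uploaded\|tlog" /tmp/cosign-output.log || echo "Warning: No upload confirmation in output"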
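Review bot: The new Install Crane step pipes the release tarball from `curl -sL` straight into `tar` and installs the result with sudo, with no checksum or signature check, so a binary used in the SBOM/attestation path is trusted on the release tag name alone. That is weaker than the neighbouring Cosign step, which is pinned to a commit SHA. Download to a temporary file with `curl -fsSL`, verify it against a SHA-256 pinned next to `CRANE_VERSION`, and only then extract and install; the digest in the sketch below is a placeholder to be filled from the release's checksum file, if one is published. The `command -v crane` shortcut also accepts whatever crane is already on PATH regardless of version, and the asset name is fixed to `Linux_x86_64`, which presumably fails on arm64 runners.

```yaml
      run: |
        if ! command -v crane &> /dev/null; then
          # … unchanged: echo "Installing crane...", CRANE_VERSION="v0.20.2" …
          CRANE_SHA256="<SHA256_OF_RELEASE_TARBALL>"  # placeholder: pin the digest for this exact version
          tmp="$(mktemp -d)"
          curl -fsSL -o "$tmp/crane.tar.gz" \
            "https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz"
          # Fail the step before anything is extracted if the archive does not match the pin.
          echo "${CRANE_SHA256}  $tmp/crane.tar.gz" | sha256sum -c -
          tar -xzf "$tmp/crane.tar.gz" -C "$tmp" crane
          sudo install -m 0755 "$tmp/crane" /usr/local/bin/crane
        fi
        # … unchanged: crane version …
```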