
Commit 0fdf47c

committed
Sign the generated BOMs
Signed-off-by: Prabhu Subramanian <[email protected]>
1 parent c6fceb3 commit 0fdf47c


2 files changed

+7
-6
lines changed


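--- a/.github/workflows/image-build.yml
+++ b/.github/workflows/image-build.yml
@@ -89,6 +89,7 @@ jobs:
 - name: save private key to file
 run: |
 echo $SBOM_SIGN_PRIVATE_KEY_DATA > $GITHUB_WORKSPACE/private.key
+ls -lh $GITHUB_WORKSPACE/private.key
 env:
 SBOM_SIGN_PRIVATE_KEY_DATA: ${{ secrets.SBOM_SIGN_PRIVATE_KEY }}
 - name: Attach cdx sbom to base
@@ -101,7 +102,7 @@ jobs:
 continue-on-error: true
 if: github.ref == 'refs/heads/master'
 env:
-SBOM_SIGN_ALGORITHM: ${{ secrets.SBOM_SIGN_ALGORITHM }}
+SBOM_SIGN_ALGORITHM: RS512
 SBOM_SIGN_PRIVATE_KEY: ${{ github.workspace }}/private.key
 - name: Attach cdx sbom
 run: |
@@ -113,5 +114,5 @@ jobs:
 continue-on-error: true
 if: ${{ startsWith(github.ref, 'refs/tags/') && ! fromJSON(inputs.image).cdxgen-image.skip-tags }}
 env:
-SBOM_SIGN_ALGORITHM: ${{ secrets.SBOM_SIGN_ALGORITHM }}
+SBOM_SIGN_ALGORITHM: RS512
 SBOM_SIGN_PRIVATE_KEY: ${{ github.workspace }}/private.key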
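Review bot: The added `ls -lh $GITHUB_WORKSPACE/private.key` in the first hunk only confirms that the file exists and reports its size, which does not catch the likeliest failure of the line above it: the unquoted `echo $SBOM_SIGN_PRIVATE_KEY_DATA` lets the shell word-split a multi-line PEM and fold it onto a single line, producing a file of plausible size that the signer will most likely reject. Quoting the expansion and tightening the file mode would make the check meaningful: `echo "$SBOM_SIGN_PRIVATE_KEY_DATA" > "$GITHUB_WORKSPACE/private.key"` followed by `chmod 600 "$GITHUB_WORKSPACE/private.key"`. The key file is also left in the workspace for every later step of the job, so a final step that deletes it would limit its exposure to the steps that actually sign. The job containing these steps starts and ends outside the hunks.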

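--- a/.github/workflows/npm-release.yml
+++ b/.github/workflows/npm-release.yml
@@ -139,7 +139,7 @@ jobs:
 continue-on-error: true
 if: startsWith(github.ref, 'refs/tags/')
 env:
-SBOM_SIGN_ALGORITHM: ${{ secrets.SBOM_SIGN_ALGORITHM }}
+SBOM_SIGN_ALGORITHM: RS512
 SBOM_SIGN_PRIVATE_KEY: ${{ github.workspace }}/private.key
 - name: Attach cdx sbom to release
 uses: softprops/action-gh-release@v2
@@ -198,7 +198,7 @@ jobs:
 continue-on-error: true
 if: startsWith(github.ref, 'refs/tags/')
 env:
-SBOM_SIGN_ALGORITHM: ${{ secrets.SBOM_SIGN_ALGORITHM }}
+SBOM_SIGN_ALGORITHM: RS512
 SBOM_SIGN_PRIVATE_KEY: ${{ github.workspace }}/private.key
 - name: Attach cdx secure sbom to release
 uses: softprops/action-gh-release@v2
@@ -268,7 +268,7 @@ jobs:
 continue-on-error: true
 if: startsWith(github.ref, 'refs/tags/')
 env:
-SBOM_SIGN_ALGORITHM: ${{ secrets.SBOM_SIGN_ALGORITHM }}
+SBOM_SIGN_ALGORITHM: RS512
 SBOM_SIGN_PRIVATE_KEY: ${{ github.workspace }}/private.key
 - name: Attach cdx deno sbom to release
 uses: softprops/action-gh-release@v2
@@ -384,7 +384,7 @@ jobs:
 continue-on-error: true
 if: startsWith(github.ref, 'refs/tags/')
 env:
-SBOM_SIGN_ALGORITHM: ${{ secrets.SBOM_SIGN_ALGORITHM }}
+SBOM_SIGN_ALGORITHM: RS512
 SBOM_SIGN_PRIVATE_KEY: ${{ github.workspace }}/private.key
 - name: Attach cdx bun sbom to release
 uses: softprops/action-gh-release@v2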
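Review bot: `SBOM_SIGN_ALGORITHM: RS512` is now repeated as a literal in all four hunks of this file and twice more in image-build.yml, so a future rotation to a key of a different type has to be edited in six places, while the `continue-on-error: true` on each of these steps would hide any mismatch between the pinned algorithm and the key in `SBOM_SIGN_PRIVATE_KEY`. Pinning the algorithm in the workflow instead of reading it from a secret is the right direction, since a secret-supplied algorithm could be changed without code review; declaring it once at workflow level, `env:` with `  SBOM_SIGN_ALGORITHM: RS512`, would leave the step-level `env:` blocks carrying only the key path. The jobs containing these steps start and end outside the hunks.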
