Merge remote-tracking branches 'origin/dependabot/github_actions/dot-…
…github/actions/build-docker-image/actions/attest-build-provenance-2.1.0', 'origin/dependabot/github_actions/dot-github/actions/build-docker-image/actions/attest-sbom-2.1.0', 'origin/dependabot/github_actions/dot-github/actions/build-docker-image/anchore/sbom-action-0.17.9' and 'origin/dependabot/github_actions/dot-github/actions/build-docker-image/github/codeql-action-3.27.9'
sjinks committed Dec 17, 2024
5 parents 7d112e8 + 43632bd + f0315f5 + ea84db1 + 2aecec5 commit 0c237c2
Showing 1 changed file with 4 additions and 4 deletions.
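--- a/.github/actions/build-docker-image/action.yml
+++ b/.github/actions/build-docker-image/action.yml
@@ -105,15 +105,15 @@ runs:
 run: echo "image_name=$(echo "${{ inputs.primaryTag }}" | cut -d ':' -f 1)" >> "${GITHUB_OUTPUT}"
 
 - name: Generate SBOM
-uses: anchore/sbom-action@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8
+uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9
 with:
 image: ${{ inputs.primaryTag }}
 format: 'cyclonedx-json'
 output-file: 'sbom.cyclonedx.json'
 if: inputs.push == 'true'
 
 - name: Attest SBOM
-uses: actions/attest-sbom@34581d8068ef8a325425f122523e4bb9d08932f3 # v2.0.1
+uses: actions/attest-sbom@cbfd0027ae731a5892db25ecd226930d7ffd19eb # v2.1.0
 with:
 subject-name: ${{ steps.imagename.outputs.image_name }}
 subject-digest: ${{ steps.push.outputs.digest }}
@@ -122,7 +122,7 @@ runs:
 if: inputs.push == 'true'
 
 - name: Attest provenance
-uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
+uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
 with:
 subject-name: ${{ steps.imagename.outputs.image_name }}
 subject-digest: ${{ steps.push.outputs.digest }}
@@ -207,7 +207,7 @@ runs:
 if: inputs.scan == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)
 
 - name: Upload SARIF
-uses: github/codeql-action/[email protected]
+uses: github/codeql-action/[email protected]
 with:
 sarif_file: ${{ steps.filename.outputs.filename }}
 if: inputs.scan == 'true' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)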
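Review bot: The Upload SARIF step is the only `uses:` in this section that is not pinned to a full commit SHA: its ref contains a dot (the page renders it garbled as `[email protected]`), so it appears to be a version tag, while sbom-action, attest-sbom and attest-build-provenance are each pinned to a 40-character SHA with the version in a trailing comment. A tag can be re-pointed by whoever controls the upstream repository, and this step runs in the same composite action that produces the SBOM and provenance attestations. I would pin it the same way, `uses: github/codeql-action/upload-sarif@<full-commit-sha-for-v3.27.9> # v3.27.9`, taking the SHA from the upstream release; the other three bumps show Dependabot keeps SHA pins and their version comments current. The enclosing `runs:` block starts and ends outside the hunks.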
