Merge pull request #248 from EmmEff/fix-publish-release-job

Fix broken publish-release job
sylabs · Aug 23, 2024 · 064199a · 064199a
2 parents 37cf130 + b478a3a
commit 064199a
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -127,14 +127,16 @@ jobs:
             COSIGN_VERSION="v<< pipeline.parameters.cosign-version >>"
             wget -q "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64"
             wget -q -O - "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign_checksums.txt" | grep -w cosign-linux-amd64 | sha256sum -c
+            install cosign-linux-amd64 /usr/local/bin/cosign
+            rm cosign-linux-amd64
       - run:
           name: Attach attestations to image
           command: |
             TAG="`echo $CIRCLE_TAG | sed -e 's/^v//'`"
             for ARCH in amd64 arm64v8
             do
               IMAGE="sylabsio/scs-build:${TAG}-${ARCH}"
-              syft packages -q -o cyclonedx-json=sbom.cdx.json "${IMAGE}"
+              syft scan -q -o cyclonedx-json=sbom.cdx.json "${IMAGE}"
               AWS_REGION=us-east-1 cosign attest --predicate sbom.cdx.json --type cyclonedx --key "awskms:///${COSIGN_KEY_ID}" "${IMAGE}"
             done