@@ -40,16 +40,15 @@ signs:
4040 - cmd : cosign
4141 env :
4242 - COSIGN_EXPERIMENTAL=1
43- certificate : ' ${artifact}.pem'
4443 args :
4544 - sign-blob
46- - --output-certificate=${certificate}
47- - --output-signature=${signature}
45+ - --bundle=${artifact}.bundle
4846 - ${artifact}
4947 - --yes
5048 artifacts : archive
5149 output : true
5250
51+
5352archives :
5453 - id : sbomqs
5554 name_template : >-
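Review bot: The `signs` entry on the new side no longer declares the file cosign writes: `certificate:` is removed, no `signature:` key is visible in the entry, and the output path is hard-coded in the argument `--bundle=${artifact}.bundle`. GoReleaser's `signature` setting presumably still defaults to `${artifact}.sig`, so the bundle may not be the file that gets attached to the release, even though the README section of this commit tells users to download `*.tar.gz.bundle`; this is worth confirming with a snapshot release. Consider adding `signature: '${artifact}.bundle'` and passing `--bundle=${signature}`, so the file that is signed and the file that is published stay tied together. `COSIGN_EXPERIMENTAL=1` remains as context and is likely unnecessary with a cosign version that accepts `--yes`; check that against the cosign release the pipeline pins.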
@@ -67,10 +67,16 @@ Download signature and certificate fom release:
6767- ` sbomqs-linux-amd64.pem `
6868
6969``` bash
70+ export VERSION=2.0.3
71+
72+ curl -LO https://github.com/interlynk-io/sbomqs/releases/download/$VERSION /sbomqs_$VERSION_Linux_x86_64 .tar.gz
73+ curl -LO https://github.com/interlynk-io/sbomqs/releases/download/$VERSION /sbomqs_$VERSION_Linux_x86_64 .tar.gz.bundle
74+
7075cosign verify-blob \
71- --certificate sbomqs-linux-amd64.pem \
72- --signature sbomqs-linux-amd64.sig \
73- sbomqs-linux-amd64
76+ --bundle sbomqs_$VERSION_Linux_x86_64 .tar.gz.bundle \
77+ --certificate-identity-regexp=' ^https://github.com/interlynk-io/sbomqs/\.github/workflows/release\.yml@refs/tags/.*$' \
78+ --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
79+ sbomqs_$VERSION_Linux_x86_64 .tar.gz
7480```
7581
7682### Linux