len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-07-04 11:27:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

sign sbom

Browse source
This commit is contained in:
lefosg 2025-06-05 15:40:00 +03:00
parent 2615dcde13
commit 1f23756ed3
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.github/workflows/auto-release.yml vendored
View file

@ -94,6 +94,18 @@ jobs:
repo_path: ./local_kernel
source_path: ./
# 1. Install cosign tool
- name: Install Cosign
uses: sigstore/cosign-installer@v3.8.1
# 2. Sign the sbom.spdx file using cosign. Two files are produced: sbom.sig and sbom.crt, stored in the same directory as sbom.spdx
- name: Attest SBOM
working-directory: ./local_kernel
run: |
cosign sign-blob sbom.spdx --output-certificate='sbom.crt' --output-signature='sbom.sig' -y
# The following is a sanity check. After signing, we verify the image to check that everything is OK
cosign verify-blob --signature='sbom.sig' --certificate='sbom.crt' --certificate-identity-regexp=.* --certificate-oidc-issuer-regexp='https://github.com' ./sbom.spdx
- name: commit SBOM file
env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }}