This commit is contained in:
Lefteris Georgiadis 2025-06-30 14:51:44 +02:00 committed by GitHub
commit aa7129f5f4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -94,6 +94,18 @@ jobs:
repo_path: ./local_kernel repo_path: ./local_kernel
source_path: ./ source_path: ./
# 1. Install cosign tool
- name: Install Cosign
uses: sigstore/cosign-installer@v3.8.1
# 2. Sign the sbom.spdx file using cosign. Two files are produced: sbom.sig and sbom.crt, stored in the same directory as sbom.spdx
- name: Attest SBOM
working-directory: ./local_kernel
run: |
cosign sign-blob sbom.spdx --output-certificate='sbom.crt' --output-signature='sbom.sig' -y
# The following is a sanity check. After signing, we verify the image to check that everything is OK
cosign verify-blob --signature='sbom.sig' --certificate='sbom.crt' --certificate-identity-regexp=.* --certificate-oidc-issuer-regexp='https://github.com' ./sbom.spdx
- name: commit SBOM file - name: commit SBOM file
env: env:
VERSION_NUMBER: ${{ github.event.inputs.version_number }} VERSION_NUMBER: ${{ github.event.inputs.version_number }}
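Review bot: The sanity-check `cosign verify-blob` accepts any signer, because `--certificate-identity-regexp=.*` matches every Fulcio identity and `--certificate-oidc-issuer-regexp='https://github.com'` is an unanchored pattern (with `.` as a wildcard), so the check only proves that some valid keyless signature exists, not that this workflow produced it. The OIDC issuer for GitHub Actions tokens is `https://token.actions.githubusercontent.com`, which that pattern does not appear to match at all, so confirm which issuer the certificate actually carries (`openssl x509 -in sbom.crt -noout -text`) before pinning it. I would replace the verify line with `cosign verify-blob --signature=sbom.sig --certificate=sbom.crt --certificate-oidc-issuer=https://token.actions.githubusercontent.com --certificate-identity-regexp="^https://github.com/${{ github.repository }}/" sbom.spdx`, since that pinned identity is also what downstream consumers of the committed `sbom.sig`/`sbom.crt` need to check for the signature to carry any trust. Keyless signing additionally requires `permissions: id-token: write` on this job, which is outside the hunk (the job's step list starts before it), and `sigstore/cosign-installer@v3.8.1` would be safer pinned to a commit SHA with the tag kept as a comment. The step name `Attest SBOM` is misleading — `cosign sign-blob` produces a detached signature rather than an in-toto attestation (`cosign attest`), so `Sign SBOM` matches what the comment above it and the command actually do.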