From a1c73a4d1b78285c23c86e462464dfdf1ef2b8ca Mon Sep 17 00:00:00 2001 From: Thomas Kosiewski Date: Tue, 8 Apr 2025 10:08:46 +0200 Subject: [PATCH] fix: add continue-on-error to SBOM generation and force flag to cosign clean Change-Id: Ide303c059b1a3d0e3fd77863310e99668325bc69 Signed-off-by: Thomas Kosiewski --- .github/workflows/ci.yaml | 3 ++- .github/workflows/release.yaml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d25cb84173326..a98fbe9b8f28b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1182,6 +1182,7 @@ jobs: - name: SBOM Generation and Attestation if: github.ref == 'refs/heads/main' + continue-on-error: true env: COSIGN_EXPERIMENTAL: 1 run: | @@ -1200,7 +1201,7 @@ jobs: syft "${IMAGE}" -o spdx-json > "${SBOM_FILE}" echo "Attesting SBOM to image: ${IMAGE}" - cosign clean "${IMAGE}" + cosign clean --force=true "${IMAGE}" cosign attest --type spdxjson \ --predicate "${SBOM_FILE}" \ --yes \ diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index eb3983dac807f..653912ae2dad2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -509,7 +509,7 @@ jobs: # Attest SBOM to multi-arch image echo "Attesting SBOM to multi-arch image: ${{ steps.build_docker.outputs.multiarch_image }}" - cosign clean "${{ steps.build_docker.outputs.multiarch_image }}" + cosign clean --force=true "${{ steps.build_docker.outputs.multiarch_image }}" cosign attest --type spdxjson \ --predicate coder_${{ steps.version.outputs.version }}_sbom.spdx.json \ --yes \ @@ -522,7 +522,7 @@ jobs: syft "${latest_tag}" -o spdx-json > coder_latest_sbom.spdx.json echo "Attesting SBOM to latest image: ${latest_tag}" - cosign clean "${latest_tag}" + cosign clean --force=true "${latest_tag}" cosign attest --type spdxjson \ --predicate coder_latest_sbom.spdx.json \ --yes \