chore: do attestation earlier

Signed-off-by: Maryam Tahhan <[email protected]>
redhat-et · Feb 13, 2025 · 26ca90d · 26ca90d
1 parent fb05304
commit 26ca90d
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 27 deletions.
diff --git a/.github/workflows/amd-image.yml b/.github/workflows/amd-image.yml
@@ -96,6 +96,15 @@ jobs:
           artifact-name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.json
           output-file: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
+      - name: Generate SBOM attestation
+        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
+        uses: actions/attest-sbom@v2
+        with:
+          subject-name: quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}
+          subject-digest: ${{ steps.build-push-image.outputs.digest }}
+          sbom-path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
+          push-to-registry: true
+
       - name: Compress SBOM
         run: gzip ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
@@ -106,12 +115,3 @@ jobs:
           name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json.gz
           path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json.gz
           retention-days: 1
-
-      - name: Generate SBOM attestation
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        uses: actions/attest-sbom@v2
-        with:
-          subject-name: quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}
-          subject-digest: ${{ steps.build-push-image.outputs.digest }}
-          sbom-path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
-          push-to-registry: true
diff --git a/.github/workflows/cpu-image.yml b/.github/workflows/cpu-image.yml
@@ -96,6 +96,15 @@ jobs:
           artifact-name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.json
           output-file: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
+      - name: Generate SBOM attestation
+        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
+        uses: actions/attest-sbom@v2
+        with:
+          subject-name: quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}
+          subject-digest: ${{ steps.build-push-image.outputs.digest }}
+          sbom-path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
+          push-to-registry: true
+
       - name: Compress SBOM
         run: gzip ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
@@ -106,12 +115,3 @@ jobs:
           name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json.gz
           path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json.gz
           retention-days: 1
-
-      - name: Generate SBOM attestation
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        uses: actions/attest-sbom@v2
-        with:
-          subject-name: quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}
-          subject-digest: ${{ steps.build-push-image.outputs.digest }}
-          sbom-path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
-          push-to-registry: true
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
@@ -98,6 +98,15 @@ jobs:
           artifact-name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.json
           output-file: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
+      - name: Generate SBOM attestation
+        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
+        uses: actions/attest-sbom@v2
+        with:
+          subject-name: quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}
+          subject-digest: ${{ steps.build-push-image.outputs.digest }}
+          sbom-path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
+          push-to-registry: true
+
       - name: Compress SBOM
         run: gzip ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
@@ -108,12 +117,3 @@ jobs:
           name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json.gz
           path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json.gz
           retention-days: 1
-
-      - name: Generate SBOM attestation
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        uses: actions/attest-sbom@v2
-        with:
-          subject-name: quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}
-          subject-digest: ${{ steps.build-push-image.outputs.digest }}
-          sbom-path: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
-          push-to-registry: true