chore: disable sbom attestation for now

Signed-off-by: Maryam Tahhan <[email protected]>
redhat-et · Feb 13, 2025 · e27f7e7 · e27f7e7
1 parent e454170
commit e27f7e7
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 12 deletions.
diff --git a/.github/workflows/amd-image.yml b/.github/workflows/amd-image.yml
@@ -96,10 +96,10 @@ jobs:
           artifact-name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.json
           output-file: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
-      - name: Generate SBOM attestation with Cosign with GitHub OIDC Token
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        run: |
-          cosign attest --predicate ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}:${{ matrix.LABEL }}@${{ steps.build-push-image.outputs.digest }}
+      # - name: Generate SBOM attestation with Cosign with GitHub OIDC Token
+      #   if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
+      #   run: |
+      #     cosign attest --predicate ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}:${{ matrix.LABEL }}@${{ steps.build-push-image.outputs.digest }}
 
       - name: Compress SBOM
         run: gzip ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json

diff --git a/.github/workflows/cpu-image.yml b/.github/workflows/cpu-image.yml
@@ -96,10 +96,10 @@ jobs:
           artifact-name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.json
           output-file: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
-      - name: Generate SBOM attestation with Cosign with GitHub OIDC Token
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        run: |
-          cosign attest --predicate ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}:${{ matrix.LABEL }}@${{ steps.build-push-image.outputs.digest }}
+      # - name: Generate SBOM attestation with Cosign with GitHub OIDC Token
+      #   if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
+      #   run: |
+      #     cosign attest --predicate ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}:${{ matrix.LABEL }}@${{ steps.build-push-image.outputs.digest }}
 
       - name: Compress SBOM
         run: gzip ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json

diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
@@ -98,10 +98,10 @@ jobs:
           artifact-name: sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.json
           output-file: ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json
 
-      - name: Generate SBOM attestation with Cosign with GitHub OIDC Token
-        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        run: |
-          cosign attest --predicate ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}:${{ matrix.LABEL }}@${{ steps.build-push-image.outputs.digest }}
+      # - name: Generate SBOM attestation with Cosign with GitHub OIDC Token
+      #   if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
+      #   run: |
+      #     cosign attest --predicate ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json quay.io/triton-dev-containers/${{ matrix.IMAGE_NAME }}:${{ matrix.LABEL }}@${{ steps.build-push-image.outputs.digest }}
 
       - name: Compress SBOM
         run: gzip ./sbom-${{ matrix.IMAGE_NAME }}-${{ matrix.LABEL }}.spdx.json