ci: fix SBOM image tag and registry credentials

2026-04-12 12:40:31 +00:00 · 2026-02-23 18:53:17 +00:00
parent f74b781d1f
commit 99e290d30c
1 changed files with 10 additions and 2 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -171,20 +171,28 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set version tag (strip leading v)
        id: ver
        run: echo "tag=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT
      # ── SBOM — Software Bill of Materials ───────────────────────────────────
      - name: Generate SBOM (SPDX)
        uses: anchore/sbom-action@v0
        with:
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }}
          format: spdx-json
          output-file: nora-${{ github.ref_name }}.sbom.spdx.json
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate SBOM (CycloneDX)
        uses: anchore/sbom-action@v0
        with:
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
+          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.ver.outputs.tag }}
          format: cyclonedx-json
          output-file: nora-${{ github.ref_name }}.sbom.cdx.json
          registry-username: ${{ github.actor }}
          registry-password: ${{ secrets.GITHUB_TOKEN }}
      - name: Create Release
        uses: softprops/action-gh-release@v1