prepare docs for v3 release (#205)
Signed-off-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
@@ -55,7 +55,7 @@ attest:
|
|||||||
your SBOM has been generated:
|
your SBOM has been generated:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/attest-sbom@v2
|
- uses: actions/attest-sbom@v3
|
||||||
with:
|
with:
|
||||||
subject-path: '<PATH TO ARTIFACT>'
|
subject-path: '<PATH TO ARTIFACT>'
|
||||||
sbom-path: '<PATH TO SBOM>'
|
sbom-path: '<PATH TO SBOM>'
|
||||||
@@ -70,7 +70,7 @@ attest:
|
|||||||
See [action.yml](action.yml)
|
See [action.yml](action.yml)
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/attest-sbom@v2
|
- uses: actions/attest-sbom@v3
|
||||||
with:
|
with:
|
||||||
# Path to the artifact serving as the subject of the attestation. Must
|
# Path to the artifact serving as the subject of the attestation. Must
|
||||||
# specify exactly one of "subject-path", "subject-digest", or
|
# specify exactly one of "subject-path", "subject-digest", or
|
||||||
@@ -174,7 +174,7 @@ jobs:
|
|||||||
format: 'spdx-json'
|
format: 'spdx-json'
|
||||||
output-file: 'sbom.spdx.json'
|
output-file: 'sbom.spdx.json'
|
||||||
- name: Attest
|
- name: Attest
|
||||||
uses: actions/attest-sbom@v2
|
uses: actions/attest-sbom@v3
|
||||||
with:
|
with:
|
||||||
subject-path: '${{ github.workspace }}/my-app'
|
subject-path: '${{ github.workspace }}/my-app'
|
||||||
sbom-path: 'sbom.spdx.json'
|
sbom-path: 'sbom.spdx.json'
|
||||||
@@ -186,7 +186,7 @@ If you are generating multiple artifacts, you can attest all of them at the same
|
|||||||
time by using a wildcard in the `subject-path` input.
|
time by using a wildcard in the `subject-path` input.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/attest-sbom@v2
|
- uses: actions/attest-sbom@v3
|
||||||
with:
|
with:
|
||||||
subject-path: 'dist/**/my-bin-*'
|
subject-path: 'dist/**/my-bin-*'
|
||||||
sbom-path: '${{ github.workspace }}/my-bin.sbom.spdx.json'
|
sbom-path: '${{ github.workspace }}/my-bin.sbom.spdx.json'
|
||||||
@@ -199,13 +199,13 @@ Alternatively, you can explicitly list multiple subjects with either a comma or
|
|||||||
newline delimited list:
|
newline delimited list:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/attest-sbom@v2
|
- uses: actions/attest-sbom@v3
|
||||||
with:
|
with:
|
||||||
subject-path: 'dist/foo, dist/bar'
|
subject-path: 'dist/foo, dist/bar'
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- uses: actions/attest-sbom@v2
|
- uses: actions/attest-sbom@v3
|
||||||
with:
|
with:
|
||||||
subject-path: |
|
subject-path: |
|
||||||
dist/foo
|
dist/foo
|
||||||
@@ -226,7 +226,7 @@ attestation.
|
|||||||
- name: Calculate artifact digests
|
- name: Calculate artifact digests
|
||||||
run: |
|
run: |
|
||||||
shasum -a 256 foo_0.0.1_* > subject.checksums.txt
|
shasum -a 256 foo_0.0.1_* > subject.checksums.txt
|
||||||
- uses: actions/attest-sbom@v2
|
- uses: actions/attest-sbom@v3
|
||||||
with:
|
with:
|
||||||
subject-checksums: subject.checksums.txt
|
subject-checksums: subject.checksums.txt
|
||||||
sbom-path: sbom.spdx.json
|
sbom-path: sbom.spdx.json
|
||||||
@@ -303,7 +303,7 @@ jobs:
|
|||||||
format: 'cyclonedx-json'
|
format: 'cyclonedx-json'
|
||||||
output-file: 'sbom.cyclonedx.json'
|
output-file: 'sbom.cyclonedx.json'
|
||||||
- name: Attest
|
- name: Attest
|
||||||
uses: actions/attest-sbom@v2
|
uses: actions/attest-sbom@v3
|
||||||
id: attest
|
id: attest
|
||||||
with:
|
with:
|
||||||
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||||
|
|||||||
Reference in New Issue
Block a user