fix: Upload sbom (#175)

* chore: Upload sbom to release Signed-off-by: Justin Abrahms <justin@abrah.ms> * chore: Exclude signed releases since we don't use github releases for distribution Signed-off-by: Justin Abrahms <justin@abrah.ms> Signed-off-by: Justin Abrahms <justin@abrah.ms>
open-feature · Oct 25, 2022 · 813c646 · 813c646
1 parent df4d8e8
commit 813c646
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/.clomonitor.yml b/.clomonitor.yml
@@ -0,0 +1,10 @@
+
+# CLOMonitor metadata file
+# This file must be located at the root of the repository
+
+# Checks exemptions
+
+# Check identifiers are here https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions (look for "id")
+exemptions:
+  - check: signed_releases
+    reason: "Our releases are signed in GHCR via cosign"
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -128,4 +128,4 @@ jobs:
               config/webhook/certificate.yaml
               config/rendered/release.yaml
               config/samples/end-to-end.yaml
-
+              ${{ANCHORE_SBOM_ACTION_PRIOR_ARTIFACT}}