philips-software · Ron (rjaegers) · May 19, 2025 · May 7, 2025 · May 7, 2025 · May 7, 2025
@@ -135,7 +135,8 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
-          gh attestation verify --repo ${{ github.repository }} oci://${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }} --format json --jq '.[] | .attestation.bundle.dsseEnvelope | select(.payloadType == "application/vnd.in-toto+json").payload' | base64 -d | jq . > ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ matrix.flavor }}_sha256_${{ steps.build-and-push.outputs.digest }}.intoto.jsonl
+          FORMATTED_SHA=${${{ steps.build-and-push.outputs.digest }}//:/_}
+          gh attestation verify --repo ${{ github.repository }} oci://${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }} --format json --jq '.[] | .attestation.bundle.dsseEnvelope | select(.payloadType == "application/vnd.in-toto+json").payload' | base64 -d | jq . > "${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ matrix.flavor }}_${FORMATTED_SHA}.intoto.jsonl"
           gh release upload ${{ github.ref_name }} ./*.intoto.jsonl
       - name: Update package details in release
         if: startsWith(github.ref, 'refs/tags/')

@@ -16,6 +16,9 @@ jobs:
   create-release:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
       - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
         id: token
         with: