update image workflow

Signed-off-by: Frank Jogeleit <[email protected]>
kyverno · Jan 13, 2024 · 272f0cb · 272f0cb
1 parent 73e3fc9
commit 272f0cb
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/.github/workflows/kyverno-plugin.yaml b/.github/workflows/kyverno-plugin.yaml
@@ -38,6 +38,12 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 
+      - name: Set version
+        run: |
+          set -e
+          TAG=${{ github.ref_name }}
+          echo "VERSION=${TAG#kyverno-plugin-v}" >> $GITHUB_ENV
+
       - name: Publish Kyverno Plugin
         id: publish
         uses: ./.github/actions/publish
@@ -46,7 +52,7 @@ jobs:
           name: policy-reporter/kyverno-plugin
           registry-username: ${{ github.actor }}
           registry-password: ${{ secrets.GITHUB_TOKEN }}
-          version: ${{ github.ref_name }}
+          version: ${{ env.VERSION }}
           sbom-name: kyverno-plugin
           sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom/policy-reporter
           signature-repository: ghcr.io/${{ github.repository_owner }}/signatures/policy-reporter

diff --git a/.github/workflows/trivy-plugin.yaml b/.github/workflows/trivy-plugin.yaml
@@ -1,4 +1,4 @@
-name: Publish trivy Plugin
+name: Publish Trivy Plugin
 
 on:
   push:
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
-      id-token: write 
+      id-token: write
     outputs:
       digest: ${{ steps.publish.outputs.digest }}
     steps:
@@ -38,21 +38,27 @@ jobs:
       - name: Install Cosign
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 
-      - name: Publish Trivy Plugin
+      - name: Set version
+        run: |
+          set -e
+          TAG=${{ github.ref_name }}
+          echo "VERSION=${TAG#trivy-plugin-v}" >> $GITHUB_ENV
+
+      - name: Publish trivy Plugin
         id: publish
         uses: ./.github/actions/publish
         with:
           plugin: trivy
           name: policy-reporter/trivy-plugin
           registry-username: ${{ github.actor }}
           registry-password: ${{ secrets.GITHUB_TOKEN }}
-          version: ${{ github.ref_name }}
+          version: ${{ env.VERSION }}
           sbom-name: trivy-plugin
           sbom-repository: ghcr.io/${{ github.repository_owner }}/sbom/policy-reporter
           signature-repository: ghcr.io/${{ github.repository_owner }}/signatures/policy-reporter
 
   generate-provenance:
-    needs: publish
+    needs: publish-images
     permissions:
       id-token: write   # To sign the provenance.
       packages: write   # To upload assets to release.
@@ -61,7 +67,7 @@ jobs:
     uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
     with:
       image: ghcr.io/${{ github.repository_owner }}/policy-reporter/trivy-plugin
-      digest: "${{ needs.publish.outputs.digest }}"
+      digest: "${{ needs.publish-images.outputs.digest }}"
       registry-username: ${{ github.actor }}
     secrets:
       registry-password: ${{ secrets.GITHUB_TOKEN }}