From a80b26d22ca29dc2fb68ce8bb8e7662af36231b0 Mon Sep 17 00:00:00 2001
From: r3drun3 <simone.ragonesi@sighup.io>
Date: Tue, 13 Feb 2024 14:55:44 +0100
Subject: [PATCH] ci(release): modify sbom artifact name

Signed-off-by: r3drun3 <simone.ragonesi@sighup.io>
---
 .github/workflows/release.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b52d962..20a65c1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -66,18 +66,18 @@ jobs:
         uses: anchore/sbom-action@v0
         with:
           image: ghcr.io/${{ steps.lowercase.outputs.name }}:${{ steps.tagger.outputs.version-without-v }}
-          artifact-name: ${{ steps.lowercase.outputs.name }}-${{ steps.tagger.outputs.version-without-v }}.spdx.json
+          artifact-name: ${{ steps.lowercase.outputs.name }}.spdx.json
 
       - name: Sign image with Cosign
         run: |
-          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "ghcr.io/r3drun3/immunize/${{ steps.copa.outputs.patched-image }}"
+          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "ghcr.io/${{ steps.lowercase.outputs.name }}:${{ steps.tagger.outputs.version-without-v }}"
         env:
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 
       - name: Attest the Image with SBOM
         run: |
-          echo "${{ env.PATCHED_TAG_SBOM }}"
+          ls -lah /tmp
           SBOM_FILE=$(find /tmp/sbom-action-* -name "*${{ steps.lowercase.outputs.name }}-${{ steps.tagger.outputs.version-without-v }}.spdx.json*.spdx.json" -type f)
           echo "${SBOM_FILE}"
           if [ -z "$SBOM_FILE" ]; then