test

Author: ejahnGithub

.github/workflows/publish_container.yaml

@@ -17,7 +17,7 @@ jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
     # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
-    permissions:
+    permissions:docker pull ghcr.io/ejahngithub/test-generate-provenance:sha-03fd52d8f7ad9e7698c854115629e3396fc93aa6
       id-token: write
       contents: write
       packages: write
@@ -34,7 +34,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
-      - name: Extract metadata (tags, labels) for Docker
+      - name: Extract metadata (tadockgs, labels) for Docker
         id: meta
         uses: docker/metadata-action@v5
         with:
@@ -73,10 +73,13 @@ jobs:
       - name: Generate SBOM for the dev Docker image
         uses: anchore/sbom-action@v0
         with:
-          image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          path: ./ 
           output-file: sbom-image-latest.json
-          registry-username: ${{ github.actor }}
-          registry-password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload sbom-image-latest.json to GitHub
+        uses: actions/upload-artifact@v2
+        with:
+          name: sbom-image-latest.json
+          path: sbom-image-latest.json
       - name: Attest image
         uses: github-early-access/generate-build-provenance@main
         with: