Rework Workflow

chrisreddington · web-flow · commit ede20765de6f · 2024-05-03T14:16:49.000Z
diff --git a/.github/workflows/attestations.yml b/.github/workflows/attestations.yml
@@ -18,14 +18,11 @@ jobs:
         uses: actions/checkout@v4
       - name: "Install dependencies"
         run: npm install
-      - uses: anchore/sbom-action@v0
+      - name: "Generate SBOM"
+        uses: anchore/sbom-action@v0
         with:
           format: 'spdx-json'
           output-file: 'sbom.spdx.json'
-      - uses: actions/attest-sbom@v1
-        with:
-          subject-path: 'bin/my-artifact.tar.gz'
-          sbom-path: 'sbom.spdx.json'
       - name: "Build site"
         run: npm run build
       - name: "Package the build"
@@ -34,7 +31,11 @@ jobs:
         uses: actions/attest-build-provenance@v1
         with:
           subject-path: "dist.tar.gz"
-      - name: "Publish the build"
+      - uses: actions/attest-sbom@v1
+        with:
+          subject-path: 'dist.tar.gz'
+          sbom-path: 'sbom.spdx.json'
+      - name: "Publish the SBOM"
         uses: actions/upload-artifact@v4
         with:
           name: sbom
