fixes

oarbusi · oarbusi · commit 466b0885e67f · 2025-06-16T17:04:03.000+02:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -341,10 +341,9 @@ jobs:
           remote: https://svc-apix-bot:${{ secrets.APIX_BOT_PAT }}@github.com/${{ github.repository }}
           gpg_private_key: ${{ secrets.APIX_BOT_GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.APIX_BOT_PASSPHRASE }}
-          file_to_commit: 'cfn-resources/${{ github.event.inputs.resourceName }}/compliance/v*/*'
+          file_to_commit: 'compliance/v*/*'
           commit_message:
-            "chore: Update SSDLC report for ${{ needs.publish.outputs.published_version }}"
-          repo-path: "cfn-resources/"
+            "chore: Update SSDLC report for ${{ steps.extract-version.outputs.VERSION }}"
         env:
           KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
           SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}
diff --git a/scripts/compliance/gen-purls.sh b/scripts/compliance/gen-purls.sh
@@ -12,6 +12,6 @@ mkdir -p compliance
 PKG_JSON=package.json
 
 # Output all npm dependencies, devDependencies, and peerDependencies as PURLs to compliance/purls.txt
-yq -r --output-format json '.dependencies | to_entries | .[] |  "pkg:npm/" + .key + "@" + .value' package.json > compliance/purls.txt
-yq -r --output-format json '.devDependencies | to_entries | .[] |  "pkg:npm/" + .key + "@" + .value' package.json >> compliance/purls.txt
-yq -r --output-format json '.peerDependencies | to_entries | .[] |  "pkg:npm/" + .key + "@" + .value' package.json >> compliance/purls.txt
+yq -r --output-format json '.dependencies | to_entries | .[] |  "pkg:npm/" + .key + "@" + .value' $PKG_JSON > compliance/purls.txt
+yq -r --output-format json '.devDependencies | to_entries | .[] |  "pkg:npm/" + .key + "@" + .value' $PKG_JSON >> compliance/purls.txt
+yq -r --output-format json '.peerDependencies | to_entries | .[] |  "pkg:npm/" + .key + "@" + .value' $PKG_JSON >> compliance/purls.txt
