pr comments

oarbusi · oarbusi · commit 715a447f23c4 · 2025-06-17T14:56:26.000+02:00
diff --git a/.github/workflows/generate-augmented-sbom.yml b/.github/workflows/generate-augmented-sbom.yml
@@ -25,7 +25,7 @@ jobs:
       KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
       SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
       - name: Get current date
         id: date
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -29,7 +29,7 @@ jobs:
         with:
           node-version: 18.x
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -50,7 +50,7 @@ jobs:
         with:
           node-version: 18.x
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -70,7 +70,7 @@ jobs:
         with:
           node-version: 18.x
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -90,7 +90,7 @@ jobs:
         with:
           node-version: 18.x
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -111,7 +111,7 @@ jobs:
         with:
           node-version: 18.x
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -329,7 +329,8 @@ jobs:
         run: |
           AUTHOR="${{ github.actor }}"
           export AUTHOR
-          export VERSION=${{ steps.extract-version.outputs.VERSION }}
+          VERSION="${{ steps.extract-version.outputs.VERSION }}"
+          export VERSION
           ./scripts/compliance/gen-ssdlc-report.sh
         env:
           KONDUKTO_TOKEN: ${{ secrets.KONDUKTO_TOKEN }}
diff --git a/scripts/compliance/gen-sbom.sh b/scripts/compliance/gen-sbom.sh
@@ -7,4 +7,5 @@ docker run --rm \
   "$SILKBOMB_IMG" \
   update \
   --purls /pwd/compliance/purls.txt \
-  --sbom-out /pwd/compliance/sbom.json
+  --sbom-out /pwd/compliance/sbom.json
+  
diff --git a/scripts/compliance/gen-ssdlc-report.sh b/scripts/compliance/gen-ssdlc-report.sh
@@ -42,4 +42,4 @@ echo "SSDLC compliance report ready. Files in ${target_dir}/:"
 ls -l "${target_dir}/"
 
 echo "Printing the generated report:"
-cat "${target_dir}/${file_name}"
+cat "${target_dir}/${file_name}"
diff --git a/scripts/compliance/upload-sbom.sh b/scripts/compliance/upload-sbom.sh
@@ -9,4 +9,5 @@ docker run --rm \
   upload \
   --sbom-in /pwd/compliance/sbom.json \
   --repo "$KONDUKTO_REPO"  \
-  --branch "$KONDUKTO_BRANCH_PREFIX"
+  --branch "$KONDUKTO_BRANCH_PREFIX"
+  
