ci: replace ':' by '_' in SLSA file for container SHA

rjaegers · web-flow · commit e533c59c8f54 · 2025-05-07T08:48:58.000+02:00
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
@@ -135,7 +135,8 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
-          gh attestation verify --repo ${{ github.repository }} oci://${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }} --format json --jq '.[] | .attestation.bundle.dsseEnvelope | select(.payloadType == "application/vnd.in-toto+json").payload' | base64 -d | jq . > ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ matrix.flavor }}_sha256_${{ steps.build-and-push.outputs.digest }}.intoto.jsonl
+          FORMATTED_SHA=${${{ steps.build-and-push.outputs.digest }}//:/_}
+          gh attestation verify --repo ${{ github.repository }} oci://${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }} --format json --jq '.[] | .attestation.bundle.dsseEnvelope | select(.payloadType == "application/vnd.in-toto+json").payload' | base64 -d | jq . > "${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ matrix.flavor }}_${FORMATTED_SHA}.intoto.jsonl"
           gh release upload ${{ github.ref_name }} ./*.intoto.jsonl
       - name: Update package details in release
         if: startsWith(github.ref, 'refs/tags/')
