enhance the ko workflow

Signed-off-by: Batuhan Apaydın <[email protected]>
slsa-framework · Sep 7, 2023 · 67ba275 · 67ba275
1 parent 00c744f
commit 67ba275
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/internal/builders/container/README.md b/internal/builders/container/README.md
@@ -347,13 +347,13 @@ This section explains how to generate non-forgeable SLSA provenance with existin
          echo "${KO_PASSWORD}" | ko login ghcr.io --username "$KO_USER" --password-stdin
 
          # Build & push the image. Save the image name.
-         image_and_digest=$(ko build --tags="${tag}" .)
+         ko build --bare --tags="${tag}" --image-refs .digest
 
          # Output the image name and digest so we can generate provenance.
-         image=$(echo "${image_and_digest}" | cut -d'@' -f1 | cut -d':' -f1)
-         digest=$(echo "${image_and_digest}" | cut -d'@' -f2)
+         image=$(cat .digest | cut -d'@' -f1 | cut -d':' -f1)
+         digest=$(cat .digest| cut -d'@' -f2)
          echo "image=$image" >> "$GITHUB_OUTPUT"
-         echo "digest=$digest" >> "$GITHUB_OUTPUT"
+         echo "digest=$(digest)" >> "$GITHUB_OUTPUT"
    ```
 
 3. Call the generic container workflow to generate provenance by declaring the job below: