This fixes the receipts.sh script so that it uses the build-receipts and run-receipts args when they are passed in. I should have added this in the previous PR, but I was only testing with defaults when you run receipts.sh without any args. This should fix the create-release workflow.
Testing
Below are the results of local testing.
Example output when run with no args
root@896b3302e73a:/workspace# scripts/receipts.sh
Using jam 2.4.0
Uploading build image to 127.0.0.1:53695/build
Uploading run image to 127.0.0.1:53695/run
Generating package SBOM for build.oci
Generating CycloneDX package SBOM using syft for build.oci on platform linux/amd64 saved as /workspace/build/build-amd64-receipt.cyclonedx.json
✔ Parsed image sha256:2284ec2b2cbb23b77bbca53478d7bf53ed56b0ec23719ff1336472d9a66b3e72
✔ Cataloged packages [181 packages]
Generating CycloneDX package SBOM using syft for build.oci on platform linux/arm64 saved as /workspace/build/build-arm64-receipt.cyclonedx.json
✔ Parsed image sha256:751726f5f532cb01266cec04629e4fb071d9411f2fccc265e8e892c6eb2a13ce
✔ Cataloged packages [181 packages]
Generating package SBOM for run.oci
Generating CycloneDX package SBOM using syft for run.oci on platform linux/amd64 saved as /workspace/build/run-amd64-receipt.cyclonedx.json
✔ Parsed image sha256:7ff51b5fe8c5ae1a35d6b80bd8488b49a0e203c62a5ea5f98fc2f9747cfd06f8
✔ Cataloged packages [8 packages]
Generating CycloneDX package SBOM using syft for run.oci on platform linux/arm64 saved as /workspace/build/run-arm64-receipt.cyclonedx.json
✔ Parsed image sha256:bebf3e3f4f87f82c339ac9833dbaf8701a6cabe597d40cd91aea778e7593fdce
✔ Cataloged packages [8 packages]
Success! Receipts are:
/workspace/build/build-receipt.cyclonedx.json
/workspace/build/run-receipt.cyclonedx.json
Example output when run with args. You can see that the final receipts printed are the ones passed in.
root@896b3302e73a:/workspace# scripts/receipts.sh --build-image build/build.oci --run-image build/run.oci --build-receipt /tmp/build.json --run-receipt /tmp/run.json
Using jam 2.4.0
Uploading build image to 127.0.0.1:61833/build
Uploading run image to 127.0.0.1:61833/run
Generating package SBOM for build.oci
Generating CycloneDX package SBOM using syft for build.oci on platform linux/amd64 saved as /workspace/build/build-amd64-receipt.cyclonedx.json
✔ Parsed image sha256:2284ec2b2cbb23b77bbca53478d7bf53ed56b0ec23719ff1336472d9a66b3e72
✔ Cataloged packages [181 packages]
Generating CycloneDX package SBOM using syft for build.oci on platform linux/arm64 saved as /workspace/build/build-arm64-receipt.cyclonedx.json
✔ Parsed image sha256:751726f5f532cb01266cec04629e4fb071d9411f2fccc265e8e892c6eb2a13ce
✔ Cataloged packages [181 packages]
Generating package SBOM for run.oci
Generating CycloneDX package SBOM using syft for run.oci on platform linux/amd64 saved as /workspace/build/run-amd64-receipt.cyclonedx.json
✔ Parsed image sha256:7ff51b5fe8c5ae1a35d6b80bd8488b49a0e203c62a5ea5f98fc2f9747cfd06f8
✔ Cataloged packages [8 packages]
Generating CycloneDX package SBOM using syft for run.oci on platform linux/arm64 saved as /workspace/build/run-arm64-receipt.cyclonedx.json
✔ Parsed image sha256:bebf3e3f4f87f82c339ac9833dbaf8701a6cabe597d40cd91aea778e7593fdce
✔ Cataloged packages [8 packages]
Success! Receipts are:
/tmp/build.json
/tmp/run.json
root@896b3302e73a:/workspace#
Checklist
[x] I have viewed, signed, and submitted the Contributor License Agreement.
[x] I have linked issue(s) that this PR should close using keywords or the Github UI (See docs)
[x] I have added an integration test, if necessary.
[x] I have reviewed the styleguide for guidance on my code quality.
[x] I'm happy with the commit history on this PR (I have rebased/squashed as needed).
Summary
This fixes the receipts.sh script so that it uses the
build-receiptsandrun-receiptsargs when they are passed in. I should have added this in the previous PR, but I was only testing with defaults when you runreceipts.shwithout any args. This should fix the create-release workflow.Testing
Below are the results of local testing.
Example output when run with no args
Example output when run with args. You can see that the final receipts printed are the ones passed in.
Checklist