From 8681a16b9fcc536a7fdcd9c37ba8389bf1c43b5e Mon Sep 17 00:00:00 2001
From: Javier Rodriguez
Date: Mon, 10 Feb 2025 09:50:48 +0100
Subject: [PATCH 1/2] fix(ci): Restore push of sbom to GitHub release
Signed-off-by: Javier Rodriguez
---
 .github/workflows/release.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ac3163cca..8109f1ae8 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -109,12 +109,14 @@ jobs:
 for entry in $images; do
 # exclude latest tag
 if [[ $entry != *latest ]]; then
- syft -o cyclonedx-json=/tmp/sbom.cyclonedx.json $entry
- chainloop attestation add --value $entry --kind CONTAINER_IMAGE --attestation-id ${{ env.ATTESTATION_ID }}
- chainloop attestation add --value /tmp/sbom.cyclonedx.json --attestation-id ${{ env.ATTESTATION_ID }}
+ material_name="$(echo $entry | sed 's#.*/##')"
+
+ syft -o cyclonedx-json=/tmp/sbom-$material_name.cyclonedx.json $entry
+ chainloop attestation add --value $entry --attestation-id ${{ env.ATTESTATION_ID }}
+ chainloop attestation add --value /tmp/sbom-$material_name.cyclonedx.json --attestation-id ${{ env.ATTESTATION_ID }}
 # Upload the SBOM to the release
- # gh release upload ${{ github.ref_name }} /tmp/sbom-$material_name.cyclonedx.json --clobber
+ gh release upload ${{ github.ref_name }} /tmp/sbom-$material_name.cyclonedx.json --clobber
 fi
 done
From b8f8c87e8db0f06d0bb2de10c0b3b7079a151815 Mon Sep 17 00:00:00 2001
From: Javier Rodriguez
Date: Mon, 10 Feb 2025 13:06:16 +0100
Subject: [PATCH 2/2] add material kinds
Signed-off-by: Javier Rodriguez
---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8109f1ae8..8229d9eaa 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
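Review bot: `material_name` keeps only the part of the image reference after its last `/`, so two entries in `$images` that differ only by registry or namespace (the same repository pushed to a second registry, for instance) map to the same `/tmp/sbom-$material_name.cyclonedx.json`; the later iteration overwrites the earlier file on disk and, because of `--clobber`, replaces the release asset with it, so one image's SBOM silently disappears from the release even though the attestation recorded both. Whether `$images` can contain such near-duplicates is not visible in this hunk; if it can, deriving the name from the whole reference (for example `material_name="$(echo "$entry" | tr '/:@' '_')"`) keeps one file per image. On the same lines `$entry` and `$material_name` are expanded unquoted in the `syft`, `chainloop` and `gh` arguments; writing `"$entry"` and `"$material_name"` avoids word splitting and globbing, and `material_name="${entry##*/}"` replaces the `echo | sed` pipeline. The same lines are touched again by the second hunk (`@@ -112,8 +112,8 @@`), which only adds `--kind`; the enclosing `for entry in $images` loop starts before this hunk.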
@@ -112,8 +112,8 @@ jobs:
 material_name="$(echo $entry | sed 's#.*/##')"
 syft -o cyclonedx-json=/tmp/sbom-$material_name.cyclonedx.json $entry
- chainloop attestation add --value $entry --attestation-id ${{ env.ATTESTATION_ID }}
- chainloop attestation add --value /tmp/sbom-$material_name.cyclonedx.json --attestation-id ${{ env.ATTESTATION_ID }}
+ chainloop attestation add --value $entry --kind CONTAINER_IMAGE --attestation-id ${{ env.ATTESTATION_ID }}
+ chainloop attestation add --value /tmp/sbom-$material_name.cyclonedx.json --kind SBOM_CYCLONEDX_JSON --attestation-id ${{ env.ATTESTATION_ID }}
 # Upload the SBOM to the release
 gh release upload ${{ github.ref_name }} /tmp/sbom-$material_name.cyclonedx.json --clobber