From ccd6f4bda5d9767acbc1ddf5991d3c23fae04f8f Mon Sep 17 00:00:00 2001
From: "Jose I. Paris" <jiparis@chainloop.dev>
Date: Mon, 3 Mar 2025 13:39:37 +0100
Subject: [PATCH] skip file cataloger in syft scans

Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
---
 .github/workflows/release.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f6bfcb95e..e4c5d0560 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -111,7 +111,7 @@ jobs:
             if [[ $entry != *latest ]]; then
               material_name="$(echo $entry | sed 's#.*/##')"
           
-              syft -o cyclonedx-json=/tmp/sbom-$material_name.cyclonedx.json $entry
+              syft -o cyclonedx-json=/tmp/sbom-$material_name.cyclonedx.json --select-catalogers -file $entry
               chainloop attestation add --value $entry --kind CONTAINER_IMAGE --attestation-id ${{ env.ATTESTATION_ID }}
               chainloop attestation add --value /tmp/sbom-$material_name.cyclonedx.json --kind SBOM_CYCLONEDX_JSON --attestation-id ${{ env.ATTESTATION_ID }}
           
@@ -157,9 +157,10 @@ jobs:
         id: attestation_push
         if: ${{ success() }}
         run: |
-          attestation_sha=$(chainloop attestation push --attestation-id ${{ needs.init_attestation.outputs.attestation_id }} -o json | jq -r '.digest')
+          chainloop attestation push --attestation-id ${{ needs.init_attestation.outputs.attestation_id }}
+          attestation_sha=$(chainloop wf run describe --id ${{ needs.init_attestation.outputs.attestation_id }} -o json | jq -r '.digest')
           # check that the command succeeded
-          [ -n "${attestation_sha}" ] || exit 1
+          [ -n "$attestation_sha" ] || exit 1
           echo "attestation_sha=$attestation_sha" >> $GITHUB_OUTPUT
 
       - name: Mark attestation as failed