From 6aaee061b2a866021170f45d0e9fdee066b5da72 Mon Sep 17 00:00:00 2001
From: dtrai2 <d.trai282@gmail.com>
Date: Tue, 17 Dec 2024 16:39:19 +0100
Subject: [PATCH] fix sbom filename

---
 .github/workflows/container-build.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index 6a9995cab..453164d98 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -89,13 +89,13 @@ jobs:
         uses: anchore/sbom-action@v0
         with:
           image: ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
-          artifact-name: logprep@${{ steps.build-and-push.outputs.digest }}.spdx.json
-          output-file: logprep@${{ steps.build-and-push.outputs.digest }}.spdx.json
+          artifact-name: logprep@${{ steps.imageid.outputs.imageid }}.spdx.json
+          output-file: logprep@${{ steps.imageid.outputs.imageid }}.spdx.json
 
       - name: Sign image with a key and add sbom attestation
         run: |
           cosign sign --yes --key env://COSIGN_PRIVATE_KEY ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
-          cosign attest --yes --key env://COSIGN_PRIVATE_KEY --predicate logprep@${{ steps.build-and-push.outputs.digest }}.spdx.json ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
+          cosign attest --yes --key env://COSIGN_PRIVATE_KEY --predicate logprep@${{ steps.imageid.outputs.imageid }}.spdx.json ghcr.io/fkie-cad/logprep@${{ steps.build-and-push.outputs.digest }}
         env:
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}