ci(build): update image tag to use branch name in workflow#213
ci(build): update image tag to use branch name in workflow#213dmitrii-parshenkov merged 1 commit intomainfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on December 17
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| uses: anchore/sbom-action@fbfd9c6c189226748411491745178e0c2017392d # v0.20.10 | ||
| with: | ||
| image: ${{ steps.meta.outputs.tags }} | ||
| image: ghcr.io/mostly-ai/docs:${{ github.ref_name }} |
There was a problem hiding this comment.
Bug: SBOM references wrong tag for slash-containing branches
The SBOM generation step uses github.ref_name directly as the Docker image tag, but the build step uses steps.meta.outputs.tags from docker/metadata-action. The metadata action sanitizes branch names by converting slashes to hyphens (e.g., feature/foo becomes feature-foo), while github.ref_name returns the raw branch name with slashes. For branches containing slashes, the SBOM step will attempt to scan an image tag that doesn't exist, causing the workflow to fail.
1 participant
Note
Update workflow to generate SBOM from the branch-tagged image (
ghcr.io/mostly-ai/docs:${{ github.ref_name }}) instead of metadata-derived tags.Written by Cursor Bugbot for commit 61f73d3. This will update automatically on new commits. Configure here.