From 438846f32deb4ade7d165a3286ab747c2fae04ac Mon Sep 17 00:00:00 2001
From: Cody Soyland <codysoyland@github.com>
Date: Mon, 3 Jun 2024 16:10:36 -0400
Subject: [PATCH] Remove ko sbom generation (#162)

Getting unauthorized error when trying to upload sbom to ghcr. Removing sbom for now to get working build.

Signed-off-by: Cody Soyland <codysoyland@github.com>
---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8fbe34a6..e47fb775 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -36,7 +36,7 @@ jobs:
           mkdir -p ${{ env.KOCACHE }}
           # ko build should print ghcr.io/github/policy-controller-webhook@sha256:<digest>
           # to standard out. Capture the image digest for the build provenance step
-          IMAGE_DIGEST=$(ko build --bare --tags $GIT_VERSION --tags $GIT_HASH --platform=linux/amd64 github.com/sigstore/policy-controller/cmd/webhook | cut -d'@' -f2)
+          IMAGE_DIGEST=$(ko build --bare --tags $GIT_VERSION --tags $GIT_HASH --platform=linux/amd64 --sbom=none github.com/sigstore/policy-controller/cmd/webhook | cut -d'@' -f2)
           echo "image_digest=$IMAGE_DIGEST" >> $GITHUB_OUTPUT
       - name: Attest
         uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1