diff --git a/.github/workflows/create-db.yaml b/.github/workflows/create-db.yaml index 855bfb4..b4b1588 100644 --- a/.github/workflows/create-db.yaml +++ b/.github/workflows/create-db.yaml @@ -46,4 +46,4 @@ jobs: working-directory: /home/runner/.cache/tally/db run: | zstd -k -19 tally.db - oras push ${{ env.REGISTRY }}/${{ github.repository }}/db:latest metadata.json:application/vnd.jetstack.tally.metadata.layer.v1 tally.db.zst:application/vnd.jetstack.tally.db.layer.v1+zstd + oras push ${{ env.REGISTRY }}/${{ github.repository }}/db:v1 metadata.json:application/vnd.jetstack.tally.metadata.layer.v1 tally.db.zst:application/vnd.jetstack.tally.db.layer.v1+zstd diff --git a/README.md b/README.md index b5e5221..0772fc9 100644 --- a/README.md +++ b/README.md @@ -150,7 +150,7 @@ The supported SBOM formats are: ## Database When `tally` runs for the first time, it pulls down a database from -`ghcr.io/jetstack/tally/db:latest` and caches it locally, typically in +`ghcr.io/jetstack/tally/db:v1` and caches it locally, typically in `~/.cache/tally/db`. It uses the data in this database to associate Scorecard scores with packages. diff --git a/cmd/root.go b/cmd/root.go index 73469b2..231f40e 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -237,6 +237,6 @@ func init() { rootCmd.Flags().StringVarP(&ro.Output, "output", "o", "short", fmt.Sprintf("output format, options=%s", output.Formats)) rootCmd.Flags().BoolVarP(&ro.GenerateScores, "generate", "g", false, "generate scores for repositories that aren't in the database. The GITHUB_TOKEN environment variable must be set.") rootCmd.Flags().BoolVar(&ro.CheckForUpdate, "check-for-update", true, "check for database update") - rootCmd.Flags().StringVar(&ro.DBRef, "db-reference", "ghcr.io/jetstack/tally/db:latest", "image reference to download database from") + rootCmd.Flags().StringVar(&ro.DBRef, "db-reference", "ghcr.io/jetstack/tally/db:v1", "image reference to download database from") rootCmd.Flags().Var(&ro.FailOn, "fail-on", "fail if a package is found with a score <= to the given value") }