Skip to content

feat: SBOM attestation, dataset collection fix, migration script#126

Merged
Pyronewbic merged 1 commit into
mainfrom
dev
May 20, 2026
Merged

feat: SBOM attestation, dataset collection fix, migration script#126
Pyronewbic merged 1 commit into
mainfrom
dev

Conversation

@Pyronewbic

@Pyronewbic Pyronewbic commented May 20, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add cosign SBOM attestation (Syft SPDX from built container image) to deploy pipeline, between signature and SLSA provenance
  • Fix grading dataset collection: parse grade from listing title (not just grade label), wire into /api/search, /api/sold, and magi in track-prices
  • Add GCP project migration script for potential $300 free trial credits
  • Update docs: test counts (486), deploy pipeline, dataset sources

Test plan

  • CI passes (unit + codeql)
  • Deploy succeeds with new SBOM attest step
  • Verify SBOM attestation: cosign verify-attestation --type spdxjson
  • Monitor grading-dataset stats after deploy (should start collecting from search/sold)

@Pyronewbic
feat: SBOM attestation on container image, dataset collection from al…
5fd7f39 
…l sources

- Add cosign SBOM attestation (Syft SPDX from built image) to deploy pipeline
- Fix grading dataset to parse grade from listing title, not just grade label
- Wire saveGradedImages into /api/search, /api/sold, and magi in track-prices
- Add GCP project migration script (scripts/migrate-gcp-project.sh)
- Update docs: test counts (486), deploy pipeline, dataset sources
@Pyronewbic Pyronewbic merged commit 4266871 into main May 20, 2026
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Pyronewbic