#!/usr/bin/env bash
set -euo pipefail

# Example evidence-oriented release flow for a container image.
# Assumes Chainloop CLI is already authenticated.

IMAGE_REF="${IMAGE_REF:-ghcr.io/example/payments-api:1.4.2}"
SBOM_FILE="${SBOM_FILE:-sbom.cdx.json}"
SARIF_FILE="${SARIF_FILE:-semgrep.sarif}"

chainloop att init --workflow release-build --project payments-api
chainloop att add --value "${IMAGE_REF}"
chainloop att add --value "${SBOM_FILE}" --kind SBOM_CYCLONEDX_JSON
chainloop att add --value "${SARIF_FILE}" --kind SARIF
chainloop att push