From 788da9a4ef4dc052350da732e98dac81f8d112df Mon Sep 17 00:00:00 2001
From: Victor Martinez
Date: Mon, 29 Apr 2024 12:00:05 +0200
Subject: [PATCH 1/2] github-action: provenance for dockerhub

---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1ef2853b..14631f4a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -53,6 +53,6 @@ jobs:
 - name: Attest image
 uses: github-early-access/generate-build-provenance@main
 with:
- subject-name: ${{ env.DOCKER_IMAGE_NAME }}
+ subject-name: index.docker.io/${{ env.DOCKER_IMAGE_NAME }}
 subject-digest: ${{ steps.docker-push.outputs.digest }}
- push-to-registry: false
+ push-to-registry: true

From 9efaae3f591e7f2e2a61343bac65a82e999ee995 Mon Sep 17 00:00:00 2001
From: Victor Martinez
Date: Mon, 29 Apr 2024 12:01:20 +0200
Subject: [PATCH 2/2] github-action: add provenance and sbom support with the github-action

---
 .github/workflows/release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 14631f4a..550e2a72 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -46,7 +46,9 @@ jobs:
 uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
 with:
 context: .
+ provenance: mode=max
 push: true
+ sbom: true
 tags: ${{ steps.docker-meta.outputs.tags }}
 labels: ${{ steps.docker-meta.outputs.labels }}
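Review bot: The `uses: github-early-access/generate-build-provenance@main` context line follows a mutable branch, and with `push-to-registry: true` this step now writes the attestation to Docker Hub, presumably with the job's registry login and OIDC token, so any later change on that branch would run with release credentials. Pin it to a full commit SHA, as the build step in this workflow already does for docker/build-push-action, e.g. `uses: github-early-access/generate-build-provenance@<full-commit-sha> # <version>` (placeholder; use the SHA of a revision you have reviewed). The job's `permissions:` block and the registry login step are outside the hunk, so confirm that only `id-token: write` and `attestations: write` (plus what the push itself needs) are granted.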
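Review bot: `provenance: mode=max` records the full build definition, including build-argument values, in an attestation that is pushed to the registry alongside the image, so a secret passed as a build arg would be published with it. No `build-args` appear in this hunk, but the step starts above it and the Dockerfile is not shown, so check this before the next release. I would add a comment above the new line, `# mode=max publishes build args and build metadata with the image; pass secrets via secret mounts, never build-args`. With attestations enabled the pushed object is likely an image index, so the `digest` output consumed by the Attest image step would be the index digest; a one-line comment saying so would help anyone verifying a per-platform digest.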