From 426c0ef7777212c4acd14e457856a8932443df14 Mon Sep 17 00:00:00 2001
From: Thomas Carmet <8408330+tcarmet@users.noreply.github.com>
Date: Tue, 30 Apr 2024 14:40:57 -0700
Subject: [PATCH 1/6] Update docker-build.yaml

---
 .github/workflows/docker-build.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index 0d2a0a5..0163c13 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -86,6 +86,7 @@ jobs:
 - name: Build and push ${{ inputs.name }} image
 uses: docker/build-push-action@v5
+ id: push
 with:
 context: ${{ inputs.context }}
 provenance: ${{ inputs.provenance }}
@@ -98,3 +99,10 @@ jobs:
 build-args: ${{ inputs.build-args }}
 file: ${{ env.FILE }}
 secrets: ${{ inputs.secrets }}
+
+ - name: Attest image
+ uses: github-early-access/generate-build-provenance@main
+ with:
+ subject-name: ${{ inputs.registry }}/${{ inputs.namespace }}/${{ inputs.name }}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true

From 6fe93f516ce85bb3512bc4e69e5c659ebc95a63c Mon Sep 17 00:00:00 2001
From: Thomas Carmet <8408330+tcarmet@users.noreply.github.com>
Date: Tue, 30 Apr 2024 14:42:37 -0700
Subject: [PATCH 2/6] Update docker-build.yaml

---
 .github/workflows/docker-build.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index 0163c13..c407fa9 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -63,6 +63,11 @@ on:
 jobs:
 build:
+ permissions:
+ id-token: write
+ packages: write
+ attestations: write
+ contents: read
 env:
 REGISTRY_LOGIN: "${{ secrets.REGISTRY_LOGIN || github.repository_owner }}"
 REGISTRY_PASSWORD: "${{ secrets.REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}"

From 3b1272d831db2f2f49f5d765c9f7908fa3d01afb Mon Sep 17 00:00:00 2001 
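Review bot: The new `Attest image` step in the second hunk references `github-early-access/generate-build-provenance@main`, a mutable branch ref, inside a job that is about to hold an OIDC `id-token: write` grant; whatever lands on that branch runs with the job's token and registry credentials and decides what gets attested. Pin the action to a full commit SHA with the version noted in a comment, e.g. `uses: github-early-access/generate-build-provenance@<commit-sha>  # <version>`, and let a dependency bot track updates. The step also consumes `${{ steps.push.outputs.digest }}` unconditionally; if the build step can be run without pushing (its `push:` setting is outside the hunk), the digest may be empty and the attest step should carry an `if:` tied to that condition. The build step's remaining `with:` entries and the rest of the job are outside the hunk.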
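Review bot: The job-level `permissions:` block added under `build:` in patch 2/6 replaces the job's default token permissions with exactly these five scopes, so any later step in this job that relied on a scope not listed here — for example an upload of scan results, which the caller's `security-events: write` in tests.yaml suggests may exist — would lose it; the rest of the `build` job is outside the hunk, so please confirm nothing else needs a scope. Since this workflow reads `inputs.*` and so appears to be a reusable workflow, the caller must also grant each scope it uses (patches 5 and 6 add `attestations: write` and `id-token: write` to tests.yaml, but `packages: write` is not visible in that block). A one-line comment on the OIDC grant, `# OIDC token: needed only to sign the build attestation`, would keep the scope from being copied into jobs that do not need it.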
From: Thomas Carmet <8408330+tcarmet@users.noreply.github.com>
Date: Tue, 30 Apr 2024 14:44:24 -0700
Subject: [PATCH 3/6] Update docker-build.yaml

---
 .github/workflows/docker-build.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index c407fa9..fcfb9ed 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -111,3 +111,4 @@ jobs:
 subject-name: ${{ inputs.registry }}/${{ inputs.namespace }}/${{ inputs.name }}
 subject-digest: ${{ steps.push.outputs.digest }}
 push-to-registry: true
+

From a73d38eee737bd4e91603e352ac0aab130b8c50d Mon Sep 17 00:00:00 2001
From: Thomas Carmet <8408330+tcarmet@users.noreply.github.com>
Date: Tue, 30 Apr 2024 14:44:35 -0700
Subject: [PATCH 4/6] Update docker-build.yaml

---
 .github/workflows/docker-build.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml
index fcfb9ed..c407fa9 100644
--- a/.github/workflows/docker-build.yaml
+++ b/.github/workflows/docker-build.yaml
@@ -111,4 +111,3 @@ jobs:
 subject-name: ${{ inputs.registry }}/${{ inputs.namespace }}/${{ inputs.name }}
 subject-digest: ${{ steps.push.outputs.digest }}
 push-to-registry: true
-

From 8e5ec86e0e60cae7e1c72551ccfbe33db54e4a39 Mon Sep 17 00:00:00 2001
From: Thomas Carmet <8408330+tcarmet@users.noreply.github.com>
Date: Tue, 30 Apr 2024 14:45:37 -0700
Subject: [PATCH 5/6] Update tests.yaml

---
 .github/workflows/tests.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 532467c..81eabd6 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -5,6 +5,7 @@ permissions:
 contents: read
 security-events: write
 pull-requests: write
+ attestations: write
 jobs:
 docker-build:

From 971a7ae06072087a5af6c1ffe3f744137eec8071 Mon Sep 17 00:00:00 2001 
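Review bot: `attestations: write` in patch 5/6 (and `id-token: write` in patch 6/6, same block) is added to the workflow-level `permissions:` of tests.yaml, so every job in that workflow, not only `docker-build`, can now mint an OIDC token and write attestations. Scoping the two grants to the calling job keeps the other jobs at their previous privileges: put `permissions:` with `id-token: write` and `attestations: write` under `docker-build:` instead, together with whatever the reusable workflow already required from the caller. The `jobs:` section continues past the hunk, so the other jobs in this file are not visible here.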
From: Thomas Carmet <8408330+tcarmet@users.noreply.github.com>
Date: Tue, 30 Apr 2024 14:46:02 -0700
Subject: [PATCH 6/6] Update tests.yaml

---
 .github/workflows/tests.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 81eabd6..184f75a 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -6,6 +6,7 @@ permissions:
 security-events: write
 pull-requests: write
 attestations: write
+ id-token: write
 jobs:
 docker-build: