[actions] Generate artifact attestation
dungdm93 committed Sep 23, 2024
1 parent c32a694 commit 5213f0c
Showing 1 changed file with 12 additions and 3 deletions.
15 changes: 12 additions & 3 deletions .github/workflows/docker-publish.yml
@@ -12,8 +12,9 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
packages: write
attestations: write
strategy:
matrix:
distro: [ubuntu]
@@ -43,8 +44,8 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
id: meta
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
with:
@@ -66,8 +67,8 @@ jobs:
docker buildx inspect
- name: Build and push Docker image
id: publish
uses: docker/build-push-action@v6
id: publish
with:
pull: true
push: true
@@ -82,3 +83,11 @@ jobs:
platforms: |
linux/amd64
linux/arm64
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.publish.outputs.digest }}
push-to-registry: true
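Review bot: The new `Generate artifact attestation` step references `actions/attest-build-provenance@v1` by a mutable tag, in a job whose `permissions` block lists `id-token: write` and `attestations: write` next to `packages: write`. Those permissions are job-wide, so `docker/metadata-action@v5` and `docker/build-push-action@v6` also run with them, and a moved tag on any of the three would change which code can request the OIDC token and write provenance for the pushed digest. Pinning to a full commit SHA keeps the provenance claim tied to reviewed code, e.g. `uses: actions/attest-build-provenance@<full-commit-sha>  # v1` (placeholder; take the SHA from the release you reviewed). A comment above the step saying how consumers check the result would also help, such as `# verify with: gh attestation verify oci://<image-uri> --repo <owner>/<repo>`. `env.REGISTRY` and `env.IMAGE_NAME` are defined outside the visible hunks, so it is worth confirming that `subject-name` resolves to the bare image name without a tag, which is what the action expects.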
