From 7b140cadb51c24e6b516dc4d75e3cb28528801c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90=E1=BA=B7ng=20Minh=20D=C5=A9ng?=
Date: Mon, 23 Sep 2024 22:54:47 +0700
Subject: [PATCH] [actions] Generate artifact attestation
---
 .github/workflows/docker-publish.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 7d456dd..9da6d39 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -43,8 +43,8 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Extract Docker metadata
- id: meta
 uses: docker/metadata-action@v5
+ id: meta
 env:
 DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 with:
@@ -66,8 +66,8 @@ jobs:
 docker buildx inspect
 - name: Build and push Docker image
- id: publish
 uses: docker/build-push-action@v6
+ id: publish
 with:
 pull: true
 push: true
@@ -82,3 +82,11 @@ jobs:
 platforms: |
 linux/amd64
 linux/arm64
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ id: attest
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ subject-digest: ${{ steps.publish.outputs.digest }}
+ push-to-registry: true
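Review bot: The new `Generate artifact attestation` step in the last hunk depends on job permissions that this patch does not touch. `actions/attest-build-provenance` needs `id-token: write` and `attestations: write`, and `push-to-registry: true` additionally needs `packages: write` to upload the attestation next to the image. The job's `permissions:` block lies outside all three hunks, so confirm it grants exactly these scopes; otherwise the step fails after the image is already pushed, leaving a published image with no provenance. Because this step produces the signed provenance that consumers will rely on, I would also pin it to a full commit SHA instead of the mutable `v1` tag, e.g. `uses: actions/attest-build-provenance@<full-commit-sha>  # v1`.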