Generate attestation for gerenated docker image
Signed-off-by: Sylvain Rabot <[email protected]>
sylr committed Jul 7, 2024
1 parent 30c938a commit acf09b5
Showing 4 changed files with 15 additions and 0 deletions.
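--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+dist
+.go-build-flags
+.buildx-metadata.json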
10 changes: 10 additions & 0 deletions .github/workflows/release.yaml
Expand Up @@ -79,5 +79,15 @@ jobs:
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin

- name: Build and push docker image
id: docker-build
run: |
make docker-buildx-push
jq -r '."image.name" | split(":"; null)[0] | ("image="+.)' < .buildx-metadata.json >> "$GITHUB_OUTPUT"
jq -r '."containerimage.digest" | ("digest="+.)' < .buildx-metadata.json >> "$GITHUB_OUTPUT"
- uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ steps.docker-build.outputs.image }}
subject-digest: ${{ steps.docker-build.outputs.digest }}
push-to-registry: true
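Review bot: The added step runs `actions/attest-build-provenance@v1` from a mutable tag, although it is the step that signs provenance for the released image; pinning it to a full commit SHA, `uses: actions/attest-build-provenance@<full-commit-sha>  # v1` (placeholder, take the SHA from the release you audited), keeps a moved tag from changing what runs with the job's signing permissions. The job's `permissions:` block is outside this hunk and the hunk adds none, so confirm the job grants `id-token: write`, `attestations: write` and `packages: write`, which the action needs to sign and to push the attestation to the registry. The digest line also writes an empty `digest=` when the key is absent, because jq's `+` treats `null` as identity; `jq -er '."containerimage.digest" | select(type == "string" and startswith("sha256:")) | "digest=" + .'` would fail the build step instead of handing an empty subject to the attest step. The new step has no `name:`, unlike its neighbours.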

1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -2,3 +2,4 @@ dist
.vscode
.go-build-flags
go.work*
.buildx-metadata.json
1 change: 1 addition & 0 deletions Makefile
Expand Up @@ -111,6 +111,7 @@ DOCKER_BUILD_LABELS += --label org.opencontainers.image.revision=$(GIT_REVIS
DOCKER_BUILD_LABELS += --label org.opencontainers.image.version=$(GIT_VERSION)
DOCKER_BUILD_LABELS += --label org.opencontainers.image.created=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
DOCKER_BUILD_BUILD_ARGS ?= --build-arg=GO_VERSION=$(DOCKER_BUILD_GO_VERSION)
DOCKER_BUILD_BUILD_ARGS += --metadata-file=.buildx-metadata.json
DOCKER_BUILDX_PLATFORMS ?= linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6

ifeq ($(CI),true)
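Review bot: `--metadata-file=.buildx-metadata.json` is appended to `DOCKER_BUILD_BUILD_ARGS`, so a caller who sets that variable on the make command line (`make DOCKER_BUILD_BUILD_ARGS=...`) silently drops the flag, because GNU make ignores `+=` in the makefile for command-line variables unless `override` is used. The release workflow reads `.buildx-metadata.json` to obtain the digest it attests, so the file should not depend on an overridable build-arg variable. Consider a dedicated variable such as `DOCKER_BUILD_METADATA_FILE ?= .buildx-metadata.json` (suggested name) passed as `--metadata-file=$(DOCKER_BUILD_METADATA_FILE)` in the buildx recipe, which is outside this hunk. That also keeps a non-`--build-arg` flag out of a variable named for build args.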