Skip to content

Commit f75fd03

Browse files
Create build-attested-image.yml (#217)
* Create build-attested-image.yml CI: Introduce a build-attested-image workflow that builds and pushes a Docker image to GitHub Container Registry and generates build provenance attestations. Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> * Update .github/workflows/build-attested-image.yml Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com> Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> --------- Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com> Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
1 parent 6bab3de commit f75fd03

1 file changed

Lines changed: 44 additions & 0 deletions

File tree

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
name: build-attested-image
2+
3+
on:
4+
push:
5+
branches: [main]
6+
7+
jobs:
8+
build:
9+
runs-on: ubuntu-latest
10+
permissions:
11+
id-token: write
12+
packages: write
13+
contents: read
14+
attestations: write
15+
env:
16+
REGISTRY: ghcr.io
17+
IMAGE_NAME: ${{ github.repository }}
18+
19+
steps:
20+
- name: Checkout
21+
uses: actions/checkout@v4
22+
- name: Login to GitHub Container Registry
23+
uses: docker/login-action@v3
24+
with:
25+
registry: ${{ env.REGISTRY }}
26+
username: ${{ github.actor }}
27+
password: ${{ secrets.GITHUB_TOKEN }}
28+
- name: Build and push image
29+
id: push
30+
uses: docker/build-push-action@v5.0.0
31+
with:
32+
context: .
33+
push: true
34+
tags: |
35+
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
36+
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
37+
- name: Attest
38+
uses: actions/attest-build-provenance@v1
39+
id: attest
40+
with:
41+
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
42+
subject-digest: ${{ steps.push.outputs.digest }}
43+
push-to-registry: true
44+

0 commit comments

Comments
 (0)