✨ add attestations to image build

carlosthe19916 · carlosthe19916 · commit 13079cdd626c · 2025-07-26T13:03:26.000+02:00
diff --git a/.github/workflows/build-push-images.yaml b/.github/workflows/build-push-images.yaml
@@ -193,4 +193,20 @@ jobs:
           tags: ${{ env.tag }}
           username: ${{ secrets.registry_username }}
           password: ${{ secrets.registry_password }}
-          registry: ${{ inputs.registry }}
+          registry: ${{ inputs.registry }}
+
+  attestations:
+    needs: manifest
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
+      packages: write
+    steps:
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.prepare.outputs.tag }}
+          subject-digest: 'sha256:fedcba0...'
+          push-to-registry: true
