Commit 99262d2
committed
ci(release): sign container images + attach SLSA provenance/SBOM (cosign keyless)
Achieves SLSA Build L2 for all pushed container images.
Note: Scorecard's Signed-Releases check reads only GitHub Release *assets*
(tarballs/wheels), not container registries, so this does not change the
Scorecard score. The signing is for genuine supply-chain security: consumers
of the GHCR images can verify who built them, via what workflow, from what
commit.
Design choices
--------------
* Digest capture: `--metadata-file metadata.json` on `docker buildx build`;
`jq -r '."containerimage.digest"'` extracts the immutable sha256 index
digest. Signing is done against `IMAGE@DIGEST` — never against a mutable
tag.
* Signature: `cosign sign --yes` (keyless/Sigstore OIDC). The Rekor
transparency-log entry embeds the GitHub Actions workflow identity.
* Provenance: `actions/attest-build-provenance` with `push-to-registry: true`.
This generates a SLSA provenance attestation signed with the OIDC token and
stores it in the registry. Rationale for using both cosign + attest:
cosign produces the OCI referrer signature object; attest-build-provenance
produces a GitHub-native SLSA provenance attestation — they are
complementary and independently verifiable.
* SBOM: `--sbom=true` on the BuildKit invocation injects an in-toto SBOM
attestation into the image at build time (no separate step needed).
* `--provenance=true` on the BuildKit build also injects the BuildKit-level
SLSA provenance attestation directly into the OCI index.
prod-containers job
-------------------
* Added `id-token: write` + `attestations: write` permissions.
* Added `--provenance=true --sbom=true --metadata-file metadata.json` to the
buildx invocation.
* Added cosign-installer, `cosign sign`, and attest-build-provenance steps
after the build+push step.
prod-manifests job
------------------
* Added `id-token: write` + `attestations: write` permissions.
* cosign-installer step added before the manifest-creation step.
* After each `imagetools create`, the manifest-list digest is captured via
`docker buildx imagetools inspect --format '{{json .Manifest}}'` and
collected; a trailing `cosign sign` step signs all unique manifest-list
digests. The per-python images (the leaves) are already signed in
prod-containers; this closes the chain for the convenience tags.
dev-containers job (container-pipeline)
----------------------------------------
* Applied identical signing (cosign + attest-build-provenance) gated on
`steps.build.outputs.pushed == 'true'`, so PR builds and local-only builds
skip signing entirely. Push paths (push to main/develop, workflow_dispatch
with push_images=true) receive the same supply-chain guarantees as prod.1 parent 0fbbe07 commit 99262d2
2 files changed
Lines changed: 105 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
103 | 103 | | |
104 | 104 | | |
105 | 105 | | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
106 | 110 | | |
107 | 111 | | |
108 | 112 | | |
| |||
134 | 138 | | |
135 | 139 | | |
136 | 140 | | |
| 141 | + | |
137 | 142 | | |
138 | 143 | | |
139 | 144 | | |
| |||
169 | 174 | | |
170 | 175 | | |
171 | 176 | | |
| 177 | + | |
| 178 | + | |
| 179 | + | |
172 | 180 | | |
173 | 181 | | |
174 | 182 | | |
175 | 183 | | |
176 | 184 | | |
177 | 185 | | |
| 186 | + | |
| 187 | + | |
| 188 | + | |
| 189 | + | |
| 190 | + | |
| 191 | + | |
| 192 | + | |
| 193 | + | |
178 | 194 | | |
179 | 195 | | |
180 | 196 | | |
| |||
195 | 211 | | |
196 | 212 | | |
197 | 213 | | |
| 214 | + | |
198 | 215 | | |
199 | 216 | | |
| 217 | + | |
| 218 | + | |
| 219 | + | |
| 220 | + | |
| 221 | + | |
| 222 | + | |
| 223 | + | |
| 224 | + | |
| 225 | + | |
| 226 | + | |
| 227 | + | |
| 228 | + | |
| 229 | + | |
| 230 | + | |
| 231 | + | |
| 232 | + | |
| 233 | + | |
| 234 | + | |
| 235 | + | |
| 236 | + | |
200 | 237 | | |
201 | 238 | | |
202 | 239 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
95 | 95 | | |
96 | 96 | | |
97 | 97 | | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
98 | 102 | | |
99 | 103 | | |
100 | 104 | | |
| |||
119 | 123 | | |
120 | 124 | | |
121 | 125 | | |
| 126 | + | |
122 | 127 | | |
123 | 128 | | |
124 | 129 | | |
| |||
134 | 139 | | |
135 | 140 | | |
136 | 141 | | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
137 | 145 | | |
138 | 146 | | |
139 | 147 | | |
140 | 148 | | |
141 | 149 | | |
142 | 150 | | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
| 155 | + | |
| 156 | + | |
143 | 157 | | |
144 | 158 | | |
145 | 159 | | |
146 | 160 | | |
147 | 161 | | |
| 162 | + | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
| 176 | + | |
| 177 | + | |
| 178 | + | |
| 179 | + | |
| 180 | + | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
| 184 | + | |
148 | 185 | | |
149 | 186 | | |
150 | 187 | | |
| |||
171 | 208 | | |
172 | 209 | | |
173 | 210 | | |
| 211 | + | |
| 212 | + | |
| 213 | + | |
174 | 214 | | |
175 | 215 | | |
176 | 216 | | |
| |||
183 | 223 | | |
184 | 224 | | |
185 | 225 | | |
| 226 | + | |
| 227 | + | |
| 228 | + | |
186 | 229 | | |
| 230 | + | |
187 | 231 | | |
188 | 232 | | |
189 | 233 | | |
| |||
206 | 250 | | |
207 | 251 | | |
208 | 252 | | |
| 253 | + | |
| 254 | + | |
| 255 | + | |
209 | 256 | | |
210 | 257 | | |
211 | 258 | | |
| |||
214 | 261 | | |
215 | 262 | | |
216 | 263 | | |
| 264 | + | |
| 265 | + | |
| 266 | + | |
217 | 267 | | |
218 | 268 | | |
219 | 269 | | |
| |||
226 | 276 | | |
227 | 277 | | |
228 | 278 | | |
| 279 | + | |
| 280 | + | |
229 | 281 | | |
230 | 282 | | |
231 | 283 | | |
| 284 | + | |
| 285 | + | |
| 286 | + | |
| 287 | + | |
| 288 | + | |
| 289 | + | |
| 290 | + | |
| 291 | + | |
| 292 | + | |
| 293 | + | |
| 294 | + | |
| 295 | + | |
| 296 | + | |
| 297 | + | |
| 298 | + | |
| 299 | + | |
232 | 300 | | |
233 | 301 | | |
234 | 302 | | |
| |||
0 commit comments