3535 contents : read
3636 id-token : write
3737 packages : write
38+ attestations : write
3839
3940 steps :
4041 - uses : actions/checkout@v6
@@ -98,14 +99,23 @@ jobs:
9899 context : ./
99100 file : ./Dockerfile
100101 push : ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
101- provenance : false
102+ provenance : mode=max
103+ sbom : true
102104 tags : ${{ steps.meta.outputs.tags }}
103105 labels : ${{ steps.meta.outputs.labels }}
104106 build-args : |
105107 FOUNDRY_VERSION=${{ env.FOUNDRY_VERSION }}
106108 REGISTRY_COMMIT=${{ env.REGISTRY_VERSION }}
107109 platforms : ${{ steps.determine-platforms.outputs.platforms }}
108110
111+ - name : Attest build provenance
112+ if : github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
113+ uses : actions/attest-build-provenance@v2
114+ with :
115+ subject-name : ghcr.io/hyperlane-xyz/hyperlane-monorepo
116+ subject-digest : ${{ steps.build.outputs.digest }}
117+ push-to-registry : true
118+
109119 - name : Generate job summary
110120 if : always()
111121 run : |
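Review bot: The new `Attest build provenance` step references `actions/attest-build-provenance@v2` by a mutable major tag, in a job that this commit grants `attestations: write` on top of `id-token: write` and `packages: write`. A retagged or compromised release of that action would run with the ability to mint signed attestations and push to the registry, so pin it to a full commit SHA, for example `uses: actions/attest-build-provenance@<full-commit-sha> # v2`, and let a dependency updater move the pin. The same step is added in the other two workflow sections on this page, and the `actions/checkout@v6` context line shows the same tag-pinning habit. The job and its step list start above the hunk, so how the other actions in it are pinned is not visible here.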
3535 id-token : write
3636 packages : write
3737 pull-requests : write
38+ attestations : write
3839
3940 steps :
4041 - name : Generate GitHub App Token
@@ -101,14 +102,23 @@ jobs:
101102 context : ./
102103 file : ./typescript/Dockerfile
103104 push : ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
104- provenance : false
105+ provenance : mode=max
106+ sbom : true
105107 tags : ${{ steps.meta.outputs.tags }}
106108 labels : ${{ steps.meta.outputs.labels }}
107109 build-args : |
108110 FOUNDRY_VERSION=${{ env.FOUNDRY_VERSION }}
109111 SERVICE_VERSION=${{ steps.taggen.outputs.TAG_SHA }}-${{ steps.taggen.outputs.TAG_DATE }}
110112 platforms : ${{ steps.determine-platforms.outputs.platforms }}
111113
114+ - name : Attest build provenance
115+ if : github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
116+ uses : actions/attest-build-provenance@v2
117+ with :
118+ subject-name : ghcr.io/hyperlane-xyz/hyperlane-node-services
119+ subject-digest : ${{ steps.build.outputs.digest }}
120+ push-to-registry : true
121+
112122 - name : Generate image tags output
113123 id : image-tags
114124 if : always()
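Review bot: With `provenance: mode=max` the BuildKit provenance records the values of the `build-args` listed a few lines below it, and that record is pushed to the registry alongside the image. `FOUNDRY_VERSION` and `SERVICE_VERSION` here (and `REGISTRY_COMMIT` in the first workflow section) look like non-sensitive version strings, but nothing in the file tells a future editor that build arguments are now published. I would add a comment above the `build-args` key such as `# values are embedded in the published provenance (mode=max); never pass secrets here, use build secrets instead`. The `with:` block of this build step begins above the hunk, so any further inputs it passes are not visible.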
3232 id-token : write
3333 packages : write
3434 pull-requests : write
35+ attestations : write
3536
3637 steps :
3738 - name : Generate GitHub App Token
@@ -107,11 +108,20 @@ jobs:
107108 context : .
108109 file : ./rust/Dockerfile
109110 push : ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
110- provenance : false
111+ provenance : mode=max
112+ sbom : true
111113 tags : ${{ steps.meta.outputs.tags }}
112114 labels : ${{ steps.meta.outputs.labels }}
113115 platforms : ${{ steps.determine-platforms.outputs.platforms }}
114116
117+ - name : Attest build provenance
118+ if : github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
119+ uses : actions/attest-build-provenance@v2
120+ with :
121+ subject-name : ghcr.io/hyperlane-xyz/hyperlane-agent
122+ subject-digest : ${{ steps.build.outputs.digest }}
123+ push-to-registry : true
124+
115125 - name : Comment image tags on PR
116126 if : github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && always()
117127 uses : ./.github/actions/docker-image-comment
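Review bot: The `if:` on the new `Attest build provenance` step is also true for pull requests opened from branches of this repository, so an image built from an unmerged branch receives a signed attestation under `ghcr.io/hyperlane-xyz/hyperlane-agent` just like a release build; the other two workflow sections use the same condition. If that is intended, a comment such as `# same-repo PR images are attested too; verifiers must check the source ref in the attestation, not only its presence` would make the trust boundary explicit. Two further things cannot be confirmed from the hunk because the build step starts above it: that it carries `id: build`, which `steps.build.outputs.digest` relies on, and that the hard-coded `subject-name` matches the image name behind `steps.meta.outputs.tags`.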