JLM-19: Publish build info

Author: jmatias

.github/actions/build-docker-image/action.yml

@@ -61,21 +61,22 @@ runs:
           type=raw,value=${{ steps.prep.outputs.VERSION }}
           type=raw,value=latest
 
-    - name: Publish base image
-      uses: docker/build-push-action@v6
-      with:
-        push: true
-        builder: ${{ steps.buildx.outputs.name }}
-        context: .
-        platforms: linux/amd64
-        file: ./Dockerfile.base
-        tags: ${{ inputs.image_repository }}-base:latest
-        cache-from: type=gha,scope=release-base
-        cache-to: type=gha,scope=release-base,mode=max
+#    - name: Publish base image
+#      uses: docker/build-push-action@v6
+#      with:
+#        push: true
+#        builder: ${{ steps.buildx.outputs.name }}
+#        context: .
+#        platforms: linux/amd64
+#        file: ./Dockerfile.base
+#        tags: ${{ inputs.image_repository }}-base:latest
+#        cache-from: type=gha,scope=release-base
+#        cache-to: type=gha,scope=release-base,mode=max
 
 
     - name: Publish docker image
       uses: docker/build-push-action@v6
+      id: build-push
       with:
         sbom: true
         provenance: true
@@ -91,27 +92,13 @@ runs:
         cache-from: type=gha,scope=release-multiarch
         cache-to: type=gha,scope=release-multiarch,mode=max
 
-    - name: Setup JFrog CLI
-      uses: jfrog/setup-jfrog-cli@v4
-      env:
-        JF_URL: ${{ vars.JF_URL }}
-      with:
-        oidc-provider-name: ${{ github.repository }}@github
 
-    - name: Capture image digest
-      id: image-digest
-      env:
-        IMAGE_REF: ${{ inputs.image_repository }}:${{ steps.prep.outputs.VERSION }}
-      shell: bash
-      run: |
-        DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE_REF" | cut -d@ -f2)"
-        echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
 
     - name: Generate signed provenance attestation
       uses: actions/attest-build-provenance@v3
       with:
         subject-name: ${{ env.IMAGE_REPOSITORY }}
-        subject-digest: ${{ steps.image-digest.outputs.digest }}
+        subject-digest: ${{ steps.build-push.outputs.digest }}
 
     - name: Publish Build info With JFrog CLI
       env:

.github/workflows/main-pipeline.yml

@@ -77,6 +77,7 @@ jobs:
 
     permissions:
       id-token: write
+      attestations: write
 
     outputs:
       image_tag: ${{ steps.build.outputs.image_tag }}
@@ -92,6 +93,12 @@ jobs:
           role-to-assume: arn:aws:iam::745892955196:role/github-actions
           aws-region: us-east-1
 
+      - name: Setup JFrog CLI
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_URL: ${{ vars.JF_URL }}
+        with:
+          oidc-provider-name: ${{ github.repository }}@github
 
       - name: Build and publish images
         id: build