Merge pull request #564 from rancher-sandbox/dependabot/github_action… #367

	name: Build, Sign, and Generate SBOM, Attestation & Provenance

	on:
	workflow_call:
	inputs:
	version:
	type: string

	push:
	branches:
	- "main"
	jobs:
	build:
	strategy:
	matrix:
	component: [controller, agent, debugger]
	arch: [amd64, arm64]
	include:
	- arch: amd64
	runner: ubuntu-latest
	- arch: arm64
	runner: ubuntu-24.04-arm
	permissions:
	contents: read
	packages: write # Pushing images to ghcr.io
	id-token: write # Signing images with cosign
	runs-on: ${{ matrix.runner }}
	steps:
	- name: Checkout code
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false
	- name: Build image
	uses: ./.github/actions/container-build
	with:
	arch: ${{ matrix.arch }}
	dockerfile: package/Dockerfile.${{ matrix.component }}
	image: ${{ matrix.component }}
	repo: ${{ github.repository }}
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	merge:
	runs-on: ubuntu-latest
	needs: [build]
	permissions:
	contents: read # Access private repos
	packages: write # Pushing multi-arch manifest to ghcr.io
	id-token: write # Signing images with cosign
	strategy:
	matrix:
	component: [controller, agent, debugger]
	steps:
	- name: Checkout code
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false
	- name: Merge images
	uses: ./.github/actions/merge-multiarch
	with:
	arch: amd64,arm64
	image: ${{ matrix.component }}
	repo: ${{ github.repository }}
	tag: latest
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback