chore(workflows): setup build attestation
Robert27 committed Dec 12, 2024
1 parent 0def0de commit 128fde8
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion .github/workflows/docker-image.yml
Expand Up @@ -16,7 +16,9 @@ jobs:
runs-on: ubuntu-latest
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
permissions:
id-token: write
contents: read
attestations: write
packages: write
#
steps:
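Review bot: `id-token: write` and `attestations: write` are added under the job-level `permissions:` block, so every step in this job, including the build step, can request an OIDC token and write attestations, not only the new Attest step. Extend the comment above `permissions:` to say which step needs each scope, and consider moving the attestation into a separate job that receives the image digest as a job output, so the build job keeps only `contents: read` and `packages: write`.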
Expand All @@ -39,7 +41,8 @@ jobs:
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
- name: Build and push Docker image
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
id: push
uses: docker/[email protected]
with:
context: .
push: true
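Review bot: the `uses:` line of the "Build and push Docker image" step gives up the full commit SHA pin (`docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4`) for a reference that, as shown here, is not a 40-character commit SHA. A tag can be repointed at different code, and this step runs in a job that now holds `id-token: write`, `attestations: write` and `packages: write`. Keep the upgrade, but pin it to the full commit SHA of the new release and put the version in a trailing comment.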
Expand All @@ -51,3 +54,10 @@ jobs:
NEXT_PUBLIC_THI_API_KEY=${{ secrets.NEXT_PUBLIC_THI_API_KEY }}
NEXT_PUBLIC_THI_API_MODE=${{ vars.NEXT_PUBLIC_THI_API_MODE }}
NEXT_PUBLIC_NEULAND_GRAPHQL_ENDPOINT=${{ github.ref == 'refs/heads/develop' && vars.GRAPHQL_ENDPOINT_DEV || vars.GRAPHQL_ENDPOINT_PROD }}
- name: Attest
uses: actions/attest-build-provenance@v2
id: attest
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
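Review bot: `actions/attest-build-provenance@v2` in the new Attest step is a mutable major-version tag, and this is the step that signs provenance for `steps.push.outputs.digest`; pin it to a full commit SHA with the version in a trailing comment. It would also help to document, in the README or in a comment on this step, how consumers are expected to verify the attestation, for example with `gh attestation verify oci://<registry>/<image> --owner <org>` (placeholders, to be filled in for this repository).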
