diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml
index be47a91b..f7e647e6 100644
--- a/.github/workflows/template_gitops.yml
+++ b/.github/workflows/template_gitops.yml
@@ -9,6 +9,10 @@ on:
       docker-build-target:
         required: false
         type: string
+      docker-build-provenance:
+        required: false
+        type: string
+        default: 'false'
       docker-file:
         required: false
         type: string
@@ -57,7 +61,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: GitOps (build, push and deploy a new Docker image)
-        uses: Staffbase/gitops-github-action@v5.1
+        uses: Staffbase/gitops-github-action@v5.2
         with:
           docker-username: ${{ secrets.docker-username }}
           docker-password: ${{ secrets.docker-password }}
@@ -67,6 +71,9 @@ jobs:
             NPM_TOKEN=${{ secrets.npm-token }}
             GOPROXY=${{ secrets.goproxy }}
             GONOSUMDB=${{ secrets.gonosumdb }}
+          docker-build-provenance: ${{ inputs.docker-build-provenance }}
+          docker-build-secrets: ${{ secrets.docker-build-secrets }}
+          docker-build-secret-files: ${{ secrets.docker-build-secret-files }}
           docker-build-target: ${{ inputs.docker-build-target }}
           docker-file: ${{ inputs.docker-file }}
           docker-image: ${{ inputs.docker-image }}
@@ -74,5 +81,3 @@ jobs:
           gitops-dev: ${{ inputs.gitops-dev }}
           gitops-stage: ${{ inputs.gitops-stage }}
           gitops-prod: ${{ inputs.gitops-prod }}
-          docker-build-secrets: ${{ secrets.docker-build-secrets }}
-          docker-build-secret-files: ${{ secrets.docker-build-secret-files }}
diff --git a/README.md b/README.md
index 8cd39e2d..8d3ec9eb 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,8 @@ jobs:
         # optional: list of build-time variables
         docker-build-args: |
           "any important args"
+        # optional: generate provenance attestation for the build, default: false
+        docker-build-provenance: "mode=min,inline-only=true"
         # optional: set the target stage to build
         docker-build-target: "any target"
         # optional: path to the Dockerfile, default: ./Dockerfile
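Review bot: The new `docker-build-provenance` input in the `on:` hunk has no `description:`, so a caller of this reusable workflow sees only `type: string` and `default: 'false'` and cannot tell that the string is forwarded verbatim to the action (the `docker-build-provenance: ${{ inputs.docker-build-provenance }}` line in the `jobs:` hunk) or that the default presumably leaves provenance attestation generation switched off, as the README hunk states. Suggest adding, directly under the key, `description: 'Provenance setting forwarded to the build step; the default ''false'' disables attestation generation'` so the opt-in nature of the attestation is visible from the workflow itself. The `inputs:` mapping and the `with:` mapping both continue outside their hunks.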