diff --git a/README.md b/README.md
index fef7db0..d4a536a 100644
--- a/README.md
+++ b/README.md
@@ -116,6 +116,7 @@ jobs:
 | `docker-build-secrets` | List of secrets to expose to the build (e.g., key=string, GIT_AUTH_TOKEN=mytoken) | |
 | `docker-build-secret-files` | List of secret files to expose to the build (e.g., key=filename, MY_SECRET=./secret.txt) | |
 | `docker-build-target` | Sets the target stage to build like: "runtime" | |
+| `docker-build-provenance` | Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build | `false` |
 | `gitops-organization` | GitHub Organization for GitOps | `Staffbase` |
 | `gitops-repository` | GitHub Repository for GitOps | `mops` |
 | `gitops-user` | GitHub User for GitOps | `Staffbot` |
diff --git a/action.yml b/action.yml
index 9f9d39c..4b137fd 100644
--- a/action.yml
+++ b/action.yml
@@ -32,6 +32,10 @@ inputs:
 docker-build-target:
 description: "Sets the target stage to build"
 required: false
+ docker-build-provenance:
+ description: "Generate provenance attestation for the build"
+ required: false
+ default: 'false'
 gitops-organization:
 description: 'GitHub Organization for GitOps'
 required: true
@@ -140,7 +144,7 @@ runs:
 platforms: linux/amd64
 cache-from: type=gha
 cache-to: type=gha,mode=max
- provenance: false
+ provenance: ${{ inputs.docker-build-provenance }}
 - name: Checkout GitOps Repository
 if: inputs.gitops-token != ''
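Review bot: The new `docker-build-provenance` description does not say which values are accepted or what an attestation discloses, although the value is forwarded unvalidated to the build step's `provenance` key in the last hunk. If that step is docker/build-push-action (its `uses:` line is outside the hunk), the key also takes attribute strings such as `mode=max`, and at that level the attestation records build-argument values and is pushed to the registry alongside the image. I would state this in the description, e.g. `description: "Provenance attestation for the build: 'false', 'true' or a mode string such as 'mode=min'; 'mode=max' records build-arg values, so pass credentials only via docker-build-secrets"`. The `inputs:` mapping starts and ends outside the hunk.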
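Review bot: The `provenance: ${{ inputs.docker-build-provenance }}` line forwards the caller's string as is, so an empty value (for example an input wired to an unset variable) would no longer mean `false` but would leave the choice to the build step's own default, which may generate an attestation. An explicit fallback keeps the previous behaviour unless a caller opts in: `provenance: ${{ inputs.docker-build-provenance || 'false' }}`. When provenance is enabled, the push typically produces an image index carrying an attestation manifest rather than a single image manifest, so it is worth confirming that the registry and whatever the GitOps steps below reference still resolve the image. The step begins above the hunk, so the action it calls is not visible here.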