From 8076e20fa6fb0bf1b961c5f54720927f8c0c18f0 Mon Sep 17 00:00:00 2001
From: Frank Elsinga <frank@elsinga.de>
Date: Thu, 16 May 2024 14:09:53 +0200
Subject: [PATCH] Added build attestation to the workflow

---
 .github/workflows/_docker-build.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/_docker-build.yml b/.github/workflows/_docker-build.yml
index 2c9d3b673..7055c4c32 100644
--- a/.github/workflows/_docker-build.yml
+++ b/.github/workflows/_docker-build.yml
@@ -46,6 +46,7 @@ jobs:
 
       - uses: docker/setup-buildx-action@v3
       - name: Build and push Docker image
+        id: push
         uses: docker/build-push-action@v5
         with:
           context: ${{ inputs.context }}
@@ -58,3 +59,10 @@ jobs:
             GIT_COMMIT_MESSAGE="${github.event.head_commit.message//\n/}"
           cache-from: type=gha
           cache-to: type=gha,mode=min
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        id: attest
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true