From 9c66b93c21687e113a903bb569e4d68ccbd98e75 Mon Sep 17 00:00:00 2001
From: Graham Gilbert <graham@grahamgilbert.com>
Date: Wed, 6 Nov 2024 13:04:59 -0800
Subject: [PATCH] Attest artifacts

---
 .github/workflows/build-latest.yml      | 10 +++++++++-
 .github/workflows/build-saml-latest.yml | 10 +++++++++-
 .github/workflows/build-saml-tag.yml    | 10 +++++++++-
 .github/workflows/build-tag.yml         | 10 +++++++++-
 sal/version.plist                       |  2 +-
 5 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-latest.yml b/.github/workflows/build-latest.yml
index b702fd05..5777950b 100644
--- a/.github/workflows/build-latest.yml
+++ b/.github/workflows/build-latest.yml
@@ -21,8 +21,16 @@ jobs:
         password: ${{secrets.GITHUB_TOKEN}}
 
     - name: Build and Push Docker image
+      id: push
       uses: docker/build-push-action@v6.9.0
       with:
         context: .
         push: true
-        tags: ghcr.io/salopensource/sal:latest
\ No newline at end of file
+        tags: ghcr.io/salopensource/sal:latest
+    
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true
\ No newline at end of file
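Review bot: `subject-name` in the new attestation step is built from `env.REGISTRY` and `env.IMAGE_NAME`, but nothing visible in this hunk defines either, and the build step above still hard-codes `ghcr.io/salopensource/sal:latest`. If the workflow does not set them at workflow or job level (the top of the file is outside the hunk), the expression renders as `/`, and the attestation step either fails or records a subject name that is not the pushed image. The subject should be the repository the build step pushed, without a tag: `subject-name: ghcr.io/salopensource/sal`. The same line appears in the build-saml-latest.yml, build-saml-tag.yml and build-tag.yml hunks; the two sal-saml workflows need `ghcr.io/salopensource/sal-saml` instead.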
diff --git a/.github/workflows/build-saml-latest.yml b/.github/workflows/build-saml-latest.yml
index 30c72f81..29511b56 100644
--- a/.github/workflows/build-saml-latest.yml
+++ b/.github/workflows/build-saml-latest.yml
@@ -27,9 +27,17 @@ jobs:
         password: ${{secrets.GITHUB_TOKEN}}
 
     - name: Build and Push Docker image
+      id: push
       uses: docker/build-push-action@v6.9.0
       with:
         context: saml
         file: saml/Dockerfile.pristine
         push: true
-        tags: ghcr.io/salopensource/sal-saml:latest
\ No newline at end of file
+        tags: ghcr.io/salopensource/sal-saml:latest
+    
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true
\ No newline at end of file
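Review bot: The attestation step added here needs token permissions that this hunk does not grant. `actions/attest-build-provenance` requests its signing certificate with the workflow's OIDC token, and with `push-to-registry: true` it also writes to GHCR. The job header is outside the hunk, so confirm the job declares `id-token: write`, `attestations: write` and `packages: write` (alongside `contents: read`) and nothing broader. Without them the step fails after the image has already been pushed, which leaves an unattested image under the tag. This applies to all four workflow files in the patch.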
diff --git a/.github/workflows/build-saml-tag.yml b/.github/workflows/build-saml-tag.yml
index ecb0de6a..84235333 100644
--- a/.github/workflows/build-saml-tag.yml
+++ b/.github/workflows/build-saml-tag.yml
@@ -27,9 +27,17 @@ jobs:
         password: ${{secrets.GITHUB_TOKEN}}
 
     - name: Build and Push Docker image
+      id: push
       uses: docker/build-push-action@v6.9.0
       with:
         context: saml
         push: true
         file: saml/Dockerfile.pristine
-        tags: ghcr.io/salopensource/sal-saml:${{  github.ref_name }}
\ No newline at end of file
+        tags: ghcr.io/salopensource/sal-saml:${{  github.ref_name }}
+    
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true
\ No newline at end of file
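Review bot: `actions/attest-build-provenance@v1` is referenced by a movable major tag, in the step that produces the signed provenance for a tagged release image. Pinning it to a full commit SHA keeps the signing step from changing silently if the tag is moved: `uses: actions/attest-build-provenance@<full-commit-sha>  # v1`, with the SHA taken from the release you have reviewed. The same reference is added in the other three workflow hunks, and `docker/build-push-action@v6.9.0` in the context lines is a tag as well. It would also help to note in the project docs how consumers check the result, for example with `gh attestation verify` against the `oci://` image reference.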
diff --git a/.github/workflows/build-tag.yml b/.github/workflows/build-tag.yml
index 7d53be4b..5e1a5655 100644
--- a/.github/workflows/build-tag.yml
+++ b/.github/workflows/build-tag.yml
@@ -21,8 +21,16 @@ jobs:
         password: ${{secrets.GITHUB_TOKEN}}
 
     - name: Build and Push Docker image
+      id: push
       uses: docker/build-push-action@v6.9.0
       with:
         context: .
         push: true
-        tags: ghcr.io/salopensource/sal:${{  github.ref_name }}
\ No newline at end of file
+        tags: ghcr.io/salopensource/sal:${{  github.ref_name }}
+    
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true
\ No newline at end of file
diff --git a/sal/version.plist b/sal/version.plist
index d958fb77..5103ab0c 100644
--- a/sal/version.plist
+++ b/sal/version.plist
@@ -3,6 +3,6 @@
 <plist version="1.0">
 <dict>
 	<key>version</key>
-	<string>4.3.0.2293</string>
+	<string>4.3.0.2294</string>
 </dict>
 </plist>