Skip to content
release

build(deps): bump actions/attest-build-provenance (#158) #82

Sign in to view logs

build(deps): bump actions/attest-build-provenance (#158)

build(deps): bump actions/attest-build-provenance (#158) #82

Workflow file for this run

.github/workflows/release.yml at d9cb96a
name: release
on:
push:
branches: [ "main" ]
tags: [ "v*" ]
permissions:
contents: read
env:
DOCKER_IMAGE_NAME: opbeans/opbeans-go
jobs:
release:
runs-on: ubuntu-latest
permissions:
attestations: write
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ${{ secrets.DOCKERHUB_REGISTRY }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Extract metadata (tags, labels)
id: docker-meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.DOCKER_IMAGE_NAME }}
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
# tag event
type=ref,enable=true,prefix=,suffix=,event=tag
- name: Build and push image
id: docker-push
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
with:
context: .
provenance: mode=max
push: true
sbom: true
tags: ${{ steps.docker-meta.outputs.tags }}
labels: ${{ steps.docker-meta.outputs.labels }}
- name: Attest image
uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3
with:
subject-name: index.docker.io/${{ env.DOCKER_IMAGE_NAME }}
subject-digest: ${{ steps.docker-push.outputs.digest }}
push-to-registry: true