ci: enable provenance for Docker images in CI workflow

2025-12-12 01:41:16 +01:00 · 2025-03-15 10:13:38 +01:00
parent ab0cd6717a
commit 1851664c96
1 changed files with 3 additions and 0 deletions
--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -95,6 +95,7 @@ jobs:
            docker.io/scit0/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}

@@ -216,6 +217,7 @@ jobs:
            docker.io/scit0/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
          build-args: |
@@ -343,6 +345,7 @@ jobs:
          tags: |
            docker.io/scit0/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
            ghcr.io/scito/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
          push: ${{ github.secret_source == 'Actions' }}

      - name: Image digest