
Commit b0aed20

authored
github-actions: support attestation (#194)
1 parent 17dd339 commit b0aed20


1 file changed

+15
-2
lines changed

1 file changed

+15
-2
lines changed

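--- a/.github/workflows/component_build-images-elastic.yml
+++ b/.github/workflows/component_build-images-elastic.yml
@@ -17,7 +17,10 @@ jobs:
 if: github.repository == 'elastic/opentelemetry-demo'
 runs-on: ubuntu-latest
 permissions:
+artifact-metadata: write
+attestations: write
 contents: read
+id-token: write
 packages: write
 
 env:
@@ -122,7 +125,7 @@ jobs:
 setup-qemu: true
 
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@v6
 with:
 fetch-depth: 0
 - name: Load environment variables from .env file
@@ -174,8 +177,9 @@ jobs:
 # NOTE: disable the cache poisoning vector attack
 cache-binary: false
 - name: Matrix Build and push demo images
+id: push
 if: steps.check_changes.outputs.skip == 'false'
-uses: docker/build-push-action@v5.0.0
+uses: docker/build-push-action@v6.18.0
 with:
 context: ${{ matrix.file_tag.context }}
 file: ${{ matrix.file_tag.file }}
@@ -191,3 +195,12 @@ jobs:
 # NOTE: disable the cache poisoning vector attack
 # cache-from: type=gha
 # cache-to: type=gha
+
+- name: Attest
+uses: actions/attest-build-provenance@v3
+if: ${{ steps.check_changes.outputs.skip == 'false' && inputs.push }}
+id: attest
+with:
+subject-name: ${{ env.GHCR_REPO }}
+subject-digest: ${{ steps.push.outputs.digest }}
+push-to-registry: true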
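Review bot: The new Attest step and the two bumped actions are referenced by mutable tags (`actions/attest-build-provenance@v3`, `actions/checkout@v6`, `docker/build-push-action@v6.18.0`) in a job that now holds `id-token: write` and `attestations: write` alongside `packages: write`, so a moved tag on any of them would run with the ability to request an OIDC token and sign provenance for this repository. Pin each to a full commit SHA with the version kept as a comment, e.g. `uses: actions/attest-build-provenance@<full-commit-sha> # v3` (placeholder; take the SHA from the action's release). The `permissions` block appears to sit at job level, so every step, including the .env loading and build steps, inherits the token-minting permission; moving attestation into a separate job that receives the digest as an output would narrow that, if the matrix layout allows it. The job body continues outside the visible hunks, so the pinning of the other existing steps could not be checked here.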
