Fixes error with incorrect sha format for attestation

suprjinx · suprjinx · commit 112f42eea906 · 2026-02-10T10:07:39.000-05:00
Signed-off-by: Geoff Wilson &lt;geoff@gr-oss.io&gt;
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -120,6 +120,7 @@ jobs:
           platforms: linux/amd64
 
       - name: Push to registries
+        id: push
         run: |
           for registry in ${{ steps.registries.outputs.registries }}; do
             echo "Pushing to ${registry}..."
@@ -130,10 +131,16 @@ jobs:
             done
           done
 
+          # Capture the image digest from ghcr.io for attestation
+          first_tag=$(echo "${{ steps.tags.outputs.tags }}" | awk '{print $1}')
+          digest=$(docker inspect --format='{{index .RepoDigests 0}}' "ghcr.io/pulp/${{ env.IMAGE_NAME }}:${first_tag}" | cut -d'@' -f2)
+          echo "digest=${digest}" >> $GITHUB_OUTPUT
+          echo "Image digest: ${digest}"
+
       - name: Generate artifact attestation
         if: github.event_name != 'pull_request'
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ghcr.io/pulp/${{ env.IMAGE_NAME }}
-          subject-digest: ${{ hashFiles('Dockerfile') }}
+          subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true
