chore(ci): Update docker workflow file

jwtwallet · Jul 1, 2024 · 3e0c55b · 3e0c55b
1 parent 2d4b1af
commit 3e0c55b
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -72,6 +72,8 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
+      attestations: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -105,5 +107,14 @@ jobs:
           docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
             $(printf 'ghcr.io/${{ env.REPOSITORY_NAME }}@sha256:%s ' *)
       - name: Inspect image
+        id: inspect
         run: |
-          docker buildx imagetools inspect ghcr.io/${{ env.REPOSITORY_NAME }}:${{ steps.meta.outputs.version }}
+          OUTPUT=$(docker buildx imagetools inspect ghcr.io/${{ env.REPOSITORY_NAME }}:${{ steps.meta.outputs.version }} --format "{{json .Manifest.Digest}}"  | xargs)
+          echo "digest=$OUTPUT" >> $GITHUB_OUTPUT
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        id: attest
+        with:
+          subject-name: ghcr.io/${{ env.REPOSITORY_NAME }}:${{ steps.meta.outputs.version }}
+          subject-digest: ${{ steps.inspect.outputs.digest }}
+          push-to-registry: true