Enable container attestation.

This closes #3
go-dataspace · Jun 17, 2024 · 1a6e558 · 1a6e558
1 parent ae92823
commit 1a6e558
Showing 1 changed file with 10 additions and 11 deletions.
diff --git a/.github/workflows/build-and-push-image.yaml b/.github/workflows/build-and-push-image.yaml
@@ -18,10 +18,10 @@ name: Create and publish a Docker image
 # Configures this workflow to run every time a change is pushed to the branch called `release`.
 on:
   push:
-    branches:
-      - main
-    tags:
-      - v*
+#    branches:
+#      - main
+#    tags:
+#      - v*
 
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
 env:
@@ -68,10 +68,9 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
-      # ENABLE THIS WHEN GOING PUBLIC
-      # - name: Generate artifact attestation
-      #   uses: actions/attest-build-provenance@v1
-      #   with:
-      #     subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-      #     subject-digest: ${{ steps.push.outputs.digest }}
-      #     push-to-registry: true
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true