Merge pull request #151 from hyperspike/attest

feat: Github Attestation for image and image.yaml
hyperspike · Dec 31, 2024 · 26ba334 · 26ba334
2 parents f2aa224 + 456ce7e
commit 26ba334
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
@@ -68,6 +68,14 @@ jobs:
       run: |
         cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}${{ env.RELEASE_VERSION }}@${{ steps.docker_build.outputs.digest }}
 
+    - name: Attest
+      uses: actions/attest-build-provenance@v2
+      id: attest
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        subject-digest: ${{ steps.docker_build.outputs.digest }}
+        push-to-registry: true
+
     - name: Run Trivy vulnerability scanner
       uses: aquasecurity/trivy-action@master
       with:

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -38,6 +38,12 @@ jobs:
         check-latest: true
     - name: Build Installer
       run: make build-installer IMG=ghcr.io/hyperspike/valkey-operator:${{ github.ref_name }}
+    - name: Attest
+      uses: actions/attest-build-provenance@v2
+      id: attest
+      with:
+        subject-path: |
+          dist/install.yaml
     - name: Upload dist/install.yaml to release
       uses: svenstaro/upload-release-action@v2
       with: