Skip to content

Commit

Permalink
Merge pull request #6 from jhrozek/update_att
Browse files Browse the repository at this point in the history
Bump GH attestations and fix permissions
  • Loading branch information
rdimitrov authored Aug 15, 2024
2 parents 617f870 + e1b33bd commit c2f1007
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 8 deletions.
4 changes: 3 additions & 1 deletion .github/workflows/build-binary-signed-ghat-malicious.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ jobs:
id-token: write
packages: write
contents: write
attestations: write

runs-on: ubuntu-latest
steps:
- name: Check out code
Expand All @@ -25,7 +27,7 @@ jobs:
# ...
#
# - name: Sign artifact
# uses: actions/attest-build-provenance@v1.0.0
# uses: actions/attest-build-provenance@v1.4.1
# with:
# subject-path: '${{ github.workspace }}/demo-repo-go-binary'
#
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/build-binary-signed-ghat.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ jobs:
id-token: write
packages: write
contents: write
attestations: write

runs-on: ubuntu-latest
steps:
- name: Check out code
Expand All @@ -21,7 +23,7 @@ jobs:
# ...
#
# - name: Sign artifact
# uses: actions/attest-build-provenance@v1.0.0
# uses: actions/attest-build-provenance@v1.4.1
# with:
# subject-path: '${{ github.workspace }}/demo-repo-go-binary'
#
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/build-image-signed-ghat-malicious.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jobs:
id-token: write
packages: write
contents: write
attestations: write

steps:
- name: Checkout repository
Expand All @@ -34,8 +35,8 @@ jobs:
context: .

- name: Attest image
uses: actions/attest-build-provenance@v1.0.0
uses: actions/attest-build-provenance@v1.4.1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push-step.outputs.digest }}
push-to-registry: true
push-to-registry: true
3 changes: 2 additions & 1 deletion .github/workflows/build-image-signed-ghat-static-copied.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jobs:
id-token: write
packages: write
contents: write
attestations: write

steps:
- name: Checkout repository
Expand All @@ -31,7 +32,7 @@ jobs:
file : Dockerfile.static

- name: Attest image
uses: actions/attest-build-provenance@v1.0.0
uses: actions/attest-build-provenance@v1.4.1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push-step.outputs.digest }}
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/build-image-signed-ghat-static.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jobs:
id-token: write
packages: write
contents: write
attestations: write

steps:
- name: Checkout repository
Expand All @@ -31,7 +32,7 @@ jobs:
file : Dockerfile.static

- name: Attest image
uses: actions/attest-build-provenance@v1.0.0
uses: actions/attest-build-provenance@v1.4.1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push-step.outputs.digest }}
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/build-image-signed-ghat.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jobs:
id-token: write
packages: write
contents: write
attestations: write

steps:
- name: Checkout repository
Expand All @@ -30,8 +31,8 @@ jobs:
context: .

- name: Attest image
uses: actions/attest-build-provenance@v1.0.0
uses: actions/attest-build-provenance@v1.4.1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push-step.outputs.digest }}
push-to-registry: true
push-to-registry: true

0 comments on commit c2f1007

Please sign in to comment.