adds provenance: false

docker/buildx#1533 our ecr repository has multiple shards of different images and it's hard to tell when vulnerability scans are accurate or not when the images are in multiple pieces like they are now. also bumps other action versions to more current versions
earnnest-greenville · Mar 15, 2023 · 9c2ffe3 · 9c2ffe3
1 parent 4e73613
commit 9c2ffe3
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 12 deletions.
diff --git a/.github/workflows/production.yml b/.github/workflows/production.yml
@@ -15,15 +15,15 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       -
         name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ secrets.CACHE_KEY }}-${{ github.sha }}
@@ -40,15 +40,15 @@ jobs:
 
       -
         name: Login to ECR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       -
         name: Login to ECR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_2 }}.amazonaws.com
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -57,8 +57,9 @@ jobs:
       -
         name: Build and push container
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
+          provenance: false
           push: true
           context: ./customize
           build-args: |

diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
@@ -15,15 +15,15 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       -
         name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ secrets.CACHE_KEY }}-${{ github.sha }}
@@ -40,15 +40,15 @@ jobs:
 
       -
         name: Login to ECR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
       -
         name: Login to ECR
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_2 }}.amazonaws.com
           username: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -57,8 +57,9 @@ jobs:
       -
         name: Build and push container
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
+          provenance: false
           push: true
           context: ./customize
           build-args: |