From 1fb24a3f99cb8ac782ebc88ae2d4a06888234eab Mon Sep 17 00:00:00 2001 From: Sander Niels Hummerich <64867257+hummerichsander@users.noreply.github.com> Date: Wed, 25 Sep 2024 10:29:16 +0000 Subject: [PATCH 1/2] Add Dockerfile label with source URL --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index edcea24..f1734a7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,4 +10,6 @@ RUN poetry install COPY ./openai_api_server_mock /app/openai_api_server_mock +LABEL org.opencontainers.image.source="https://github.com/hummerichsander/openai_api_server_mock" + CMD ["poetry", "run", "fastapi", "run", "openai_api_server_mock/main.py", "--port", "8000"] \ No newline at end of file From 0ba2ca954e05812da5b567c599de0322a56ae3a5 Mon Sep 17 00:00:00 2001 From: Sander Niels Hummerich <64867257+hummerichsander@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:23:17 +0000 Subject: [PATCH 2/2] Refactor Dockerfile and workflow to create and publish a Docker image --- .github/workflows/publish_image.yaml | 31 ++++++++++++++++++---------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/.github/workflows/publish_image.yaml b/.github/workflows/publish_image.yaml index 8d193c4..e81f323 100644 --- a/.github/workflows/publish_image.yaml +++ b/.github/workflows/publish_image.yaml @@ -1,27 +1,30 @@ -name: Publish Docker image +# +name: Create and publish a Docker image on: push: - branches: - - 'release/**' + branches: ['release/*'] env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} jobs: - build-and-push: + build-and-push-image: runs-on: ubuntu-latest + permissions: contents: read packages: write + attestations: write + id-token: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Log in to the Container registry - uses: docker/login-action@v2 + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} 
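Review bot: In .github/workflows/publish_image.yaml, `actions/checkout@v4` stays on a mutable tag while the three docker/* actions in the same job are now pinned to full commit SHAs; the same applies to `actions/attest-build-provenance@v1` in the later hunk. Because this job is granted `packages: write`, `attestations: write` and `id-token: write`, every action it runs should be pinned the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, and the existing SHA pins should get a trailing version comment so they can be audited and updated. Separately, `branches: ['release/*']` no longer matches branch names containing a further `/` (the old `'release/**'` did), so confirm that narrowing is intended. The leading bare `#` line can be dropped or replaced with a one-line description of the workflow.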
@@ -29,17 +32,23 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=sha - name: Build and push Docker image - uses: docker/build-push-action@v4 + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true +
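Review bot: Dropping the `tags:` input from the metadata step means the image is published only under metadata-action's default tags, which for a branch push is the sanitized branch name, and the previous `type=sha` tag is gone. That branch tag is overwritten on every push to the release branch, so no tag identifies a specific build any more, and consumers would have to pull by digest to get exactly the image the attestation covers. Consider keeping `tags: |` with `type=ref,event=branch` and `type=sha`. Minor: `${{ env.IMAGE_NAME}}` in `subject-name` is missing the space before `}}` that the other expressions in the file use.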