Add container provenance job
Signed-off-by: Marco Franssen <marco.franssen@philips.com>
marcofranssen committed Dec 22, 2021
1 parent 2e451be commit 5c3277b
Showing 1 changed file with 26 additions and 2 deletions.
28 changes: 26 additions & 2 deletions .github/workflows/ci.yaml
@@ -115,15 +115,39 @@ jobs:
if: startsWith(github.ref, 'refs/tags/')
run: |
echo "::set-output name=container_digest::$(make container-digest GITHUB_REF=${{ github.ref_name }})"
echo "::set-output name=container_tags::$(make container-tags CONTAINER_DIGEST=${{ steps.container_info.outputs.container_digest }})"
echo "::set-output name=container_repos::$(echo "[$(make container-repos GITHUB_REF=${GITHUB_REF} | paste -s -d ',' -)]")"
echo "::set-output name=container_tags::$(make container-tags CONTAINER_DIGEST=${{ steps.container_info.outputs.container_digest }} | paste -s -d ',' -)"
echo "::set-output name=container_repos::$(echo "[$(make container-repos CONTAINER_DIGEST=${{ steps.container_info.outputs.container_digest }} | paste -s -d ',' -)]")"
- name: Logout from Container registries
if: ${{ always() }}
run: |
docker logout
docker logout ghcr.io
container-provenance:
name: container-provenance
needs: [release]
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-20.04

strategy:
matrix:
repo: ${{ fromJSON(needs.release.outputs.container_repos) }}

steps:
- name: Generate provenance for Release
uses: philips-labs/slsa-provenance-action@v0.4.0
with:
command: generate
subcommand: container
arguments: |
--digest ${{ needs.release.outputs.container_digest }} \
--tags ${{ needs.release.outputs.container_tags }} \
--repositories ${{ matrix.repo }}
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

provenance:
name: provenance
needs: [release]
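Review bot: The two added `set-output` lines expand `${{ steps.container_info.outputs.container_digest }}` inside what looks like the same `run:` script that sets `container_digest` on the line above them; expressions are substituted before the script starts, so if this step is itself `container_info` (its header is above the hunk) the digest is empty there and the tags and repositories handed to the new `container-provenance` job would be derived from an empty value. Capturing the digest in a shell variable and reusing it, as in the fence, avoids depending on an output that may not exist yet. Separately, the new job references `philips-labs/slsa-provenance-action@v0.4.0` by a mutable tag and passes it `GITHUB_TOKEN`; pinning `uses:` to the full commit SHA and giving the job its own `permissions:` block limited to what the action needs would be worth adding, since any workflow-level permissions are not visible in this hunk.

```yaml
run: |
  digest="$(make container-digest GITHUB_REF=${{ github.ref_name }})"
  echo "::set-output name=container_digest::${digest}"
  echo "::set-output name=container_tags::$(make container-tags CONTAINER_DIGEST="${digest}" | paste -s -d ',' -)"
  echo "::set-output name=container_repos::$(echo "[$(make container-repos CONTAINER_DIGEST="${digest}" | paste -s -d ',' -)]")"
```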