-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dockerfile workflow #57
Comments
A good point of comparison would be the docker actions for building and pushing images. They use buildx in their case and support building for different architectures using qemu. |
Generating a provenance based off a Dockerfile is a great start. You may also want to see how the same could be done for builds using tools like |
For sure. I think @laurentsimon shared https://github.com/laurentsimon/slsa-github-generator-ko with you on slack maybe, but the idea is we will eventually merge that workflow here as well. Buildpacks is a good idea but I think getting provenance generation for simple Dockerfiles working is probably a higher priority for now. We're happy to take issues and contributions if folks want to take on specific workflows or features. |
This sounds like it can be a very useful workflow. Any progress on it? Doesn't look like it has been picked yet. |
Here is the top-level tracking issue: project-oak/transparent-release#145 |
Is this done? |
It is not. @ianlewis started it but it's not complete yet. Maybe in the meantime you could use:
|
We can provide a builder which builds a Docker image based on a Dockerfile as the build artifact and generate SLSA provenance for it.
The text was updated successfully, but these errors were encountered: