Add flag to disable provenance

roles/github/README.md

@@ -40,7 +40,7 @@ The following variables can be used to make small adjustments to the composition
 
 `github_image_name`: name of the kayobe image defaults to `kayobe`.
 
-`github_image_tag`: tag used to select kayobe image defaults to `latest` 
+`github_image_tag`: tag used to select kayobe image defaults to `latest`
 
 `github_registry_username`: username used to authenticate with the docker registry.
 
@@ -63,6 +63,8 @@ github_buildx_inline_config: |
 
 If you wish to make more impactful changes such as which workflows are built and what they contain then see the list of dictionaries called `workflows` in `defaults/main.yml`
 
+`github_buildx_enable_provenance`: whether or not to enable build attestations/provenence. This has been [noted](https://github.com/docker/build-push-action/releases/tag/v4.1.1) to cause issues with docker registries such as Pulp. Default to false.
+
 `github_workflows:` is a list of dictionaries that contains each of the workflows described above. A given list element is made up of the following:
 
 - `name`: the name which the workflow shall refer to itself as within GitHub workflows user interface.

roles/github/defaults/main.yml

@@ -23,6 +23,8 @@ github_final_hook: ""
 
 github_buildx_inline_config: ""
 
+github_buildx_enable_provenance: false
+
 github_timeout: 360
 
 github_kayobe_limit_input: |

roles/github/templates/build-kayobe-docker-image.yml.j2

@@ -57,6 +57,9 @@ jobs:
           tags: |
             %% github_registry_url %%/%% github_image_name %%:latest
             %% github_registry_url %%/%% github_image_name %%:${{ github.sha }}
+<% if not github_buildx_enable_provenance %>
+          provenance: false
+<% endif %>
 <% if github_final_hook | length >= 1 +%>
       %% github_final_hook | indent(width=6, first=false) -%%
 <% endif %>