Use github-early-access/generate-build-provenance (#21)

stacklok · Jan 19, 2024 · ddc177a · ddc177a
1 parent 67b0d54
commit ddc177a
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -68,6 +68,13 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+      - name: generate build provenance
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: github-early-access/generate-build-provenance@main
+        with:
+          subject-name: ${{ steps.meta.outputs.tags }}
+          subject-digest: ${{ steps.build-and-push.outputs.digest }}
+          push-to-registry: false
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
       # repository is public to avoid leaking data.  If you would like to publish