From e4ba9a4669a91fbc96ba27c1f3cd6b371baed36a Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Mon, 30 Jan 2023 15:45:34 +0200 Subject: [PATCH] build: Enable SBOM and SLSA Provenance Signed-off-by: Stefan Prodan --- .github/workflows/release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5ce34aad..2f3658fd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,8 +32,8 @@ jobs: if [[ $GITHUB_REF == refs/tags/* ]]; then VERSION=${GITHUB_REF/refs\/tags\//} fi - echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ') - echo ::set-output name=VERSION::${VERSION} + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT - name: Setup QEMU uses: docker/setup-qemu-action@v2 - name: Setup Docker Buildx @@ -62,6 +62,8 @@ jobs: - name: Publish images uses: docker/build-push-action@v3 with: + sbom: true + provenance: true push: true builder: ${{ steps.buildx.outputs.name }} context: .