Added attestation on Docker images (masesgroup#538)
masesdevelopers authored Sep 19, 2024
1 parent 45a2d05 commit 5d304e2
Showing 4 changed files with 39 additions and 4 deletions.
16 changes: 15 additions & 1 deletion .github/workflows/build.yaml
Expand Up @@ -66,6 +66,11 @@ jobs:
needs: check_changes
if: "always() && needs.check_changes.outputs.run_build_windows == 'true'"
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: read
attestations: write
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
Expand Down Expand Up @@ -119,6 +124,7 @@ jobs:
ghcr.io/${{ github.repository_owner }}/jnet
- name: Build and push
id: push
uses: docker/build-push-action@v6
with:
file: ./src/container/Dockerfile.linux
Expand All @@ -129,7 +135,15 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
provenance: true
sbom: true


- name: Attest Docker Hub
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: index.docker.io/masesgroup/jnet
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

# Now run "build_windows"
build_windows:
needs: check_changes
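Review bot: The new `Attest Docker Hub` step covers only `index.docker.io/masesgroup/jnet`, although `ghcr.io/${{ github.repository_owner }}/jnet` appears in the image list just above the `Build and push` step, so the GHCR copy pushed from this job would get no attestation stored in its registry. The docker.yaml section of this commit has a second step for GHCR; I would mirror it here, reusing `${{ steps.push.outputs.digest }}` as the subject digest. The tag list and the `push:` setting of the build step sit in collapsed lines, so confirm that this job really pushes the GHCR image before adding the step.

```yaml
      # … unchanged: "Attest Docker Hub" step …

      - name: Attest GitHub
        uses: actions/attest-build-provenance@v1
        id: attest_ghcr
        with:
          subject-name: ghcr.io/${{ github.repository_owner }}/jnet
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true
```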
23 changes: 22 additions & 1 deletion .github/workflows/docker.yaml
Expand Up @@ -13,6 +13,11 @@ on:
jobs:
build_container_linux:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: read
attestations: write
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
Expand Down Expand Up @@ -73,6 +78,7 @@ jobs:
ghcr.io/${{ github.repository_owner }}/jnet
- name: Build and push
id: push
uses: docker/build-push-action@v6
with:
file: ./src/container/Dockerfile.linux
Expand All @@ -83,4 +89,19 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
provenance: true
sbom: true


- name: Attest Docker Hub
uses: actions/attest-build-provenance@v1
id: attest1
with:
subject-name: index.docker.io/masesgroup/jnet
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

- name: Attest GitHub
uses: actions/attest-build-provenance@v1
id: attest2
with:
subject-name: ghcr.io/${{ github.repository_owner }}/jnet
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
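Review bot: Both attest steps reference `actions/attest-build-provenance@v1`, a movable tag, in a job that now holds `id-token: write` and `attestations: write`, so whatever code that tag resolves to at run time can request the workflow's OIDC token and sign provenance in this repository's name. Pinning to a full commit SHA with the version as a trailing comment, `uses: actions/attest-build-provenance@<full-commit-sha>  # v1.x.y`, keeps the signing code fixed until an update is reviewed; the SHA here is a placeholder to be taken from the action's release page. The same applies to the `Attest Docker Hub` step added in build.yaml, and `docker/build-push-action@v6` in the same job would benefit from the same treatment. A one-line comment above the `permissions:` block saying which step needs each scope would also help later reviewers keep the grant minimal.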
2 changes: 1 addition & 1 deletion tests/net/JNetWPFTest/JNetWPFTest.csproj
Expand Up @@ -7,7 +7,7 @@
<RootNamespace>MASES.JNetWPFTest</RootNamespace>
<Title>JNetWPFTest - a test tool for JNet</Title>
<Description>JNetWPFTest - a test tool for JNet</Description>
<TargetFrameworks>net462;net6.0-windows;net7.0-windows</TargetFrameworks>
<TargetFrameworks>net462;net6.0-windows;net8.0-windows</TargetFrameworks>
</PropertyGroup>
<ItemGroup>
<None Include="..\Common\app.manifest">
2 changes: 1 addition & 1 deletion tests/net/JNetWinFormsTest/JNetWinFormsTest.csproj
Expand Up @@ -8,7 +8,7 @@
<RootNamespace>MASES.JNetWinFormsTest</RootNamespace>
<Title>JNetWinFormsTest - a test tool for JNet</Title>
<Description>JNetWinFormsTest - a test tool for JNet</Description>
<TargetFrameworks>net462;net6.0-windows;net7.0-windows</TargetFrameworks>
<TargetFrameworks>net462;net6.0-windows;net8.0-windows</TargetFrameworks>
<DefineConstants>$(DefineConstants);WINFORMS</DefineConstants>
</PropertyGroup>
<ItemGroup>
