🎨 Add provenance option (#124)

* 🎨 Add provenance option * ⬆️ Bump gitops --------- Co-authored-by: Tim Dittler <93928360+timdittler@users.noreply.github.com>
Staffbase · Jun 6, 2023 · c05de46 · c05de46
1 parent e09b15d
commit c05de46
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml
@@ -9,6 +9,10 @@ on:
       docker-build-target:
         required: false
         type: string
+      docker-build-provenance:
+        required: false
+        type: string
+        default: 'false'
       docker-file:
         required: false
         type: string
@@ -57,7 +61,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: GitOps (build, push and deploy a new Docker image)
-        uses: Staffbase/gitops-github-action@v5.1
+        uses: Staffbase/gitops-github-action@v5.2
         with:
           docker-username: ${{ secrets.docker-username }}
           docker-password: ${{ secrets.docker-password }}
@@ -67,12 +71,13 @@ jobs:
             NPM_TOKEN=${{ secrets.npm-token }}
             GOPROXY=${{ secrets.goproxy }}
             GONOSUMDB=${{ secrets.gonosumdb }}
+          docker-build-provenance: ${{ inputs.docker-build-provenance }}
+          docker-build-secrets: ${{ secrets.docker-build-secrets }}
+          docker-build-secret-files: ${{ secrets.docker-build-secret-files }}
           docker-build-target: ${{ inputs.docker-build-target }}
           docker-file: ${{ inputs.docker-file }}
           docker-image: ${{ inputs.docker-image }}
           gitops-token: ${{ secrets.gitops-token }}
           gitops-dev: ${{ inputs.gitops-dev }}
           gitops-stage: ${{ inputs.gitops-stage }}
           gitops-prod: ${{ inputs.gitops-prod }}
-          docker-build-secrets: ${{ secrets.docker-build-secrets }}
-          docker-build-secret-files: ${{ secrets.docker-build-secret-files }}
diff --git a/README.md b/README.md
@@ -79,6 +79,8 @@ jobs:
       # optional: list of build-time variables
       docker-build-args: |
         "any important args"
+      # optional: generate provenance attestation for the build, default: false
+      docker-build-provenance: "mode=min,inline-only=true"
       # optional: set the target stage to build
       docker-build-target: "any target"
       # optional: path to the Dockerfile, default: ./Dockerfile