diff --git a/.github/workflows/build-binary-signed-ghat-malicious.yml b/.github/workflows/build-binary-signed-ghat-malicious.yml
index e8fe7f1..6375506 100644
--- a/.github/workflows/build-binary-signed-ghat-malicious.yml
+++ b/.github/workflows/build-binary-signed-ghat-malicious.yml
@@ -9,6 +9,8 @@ jobs:
 id-token: write
 packages: write
 contents: write
+ attestations: write
+ runs-on: ubuntu-latest
 steps:
 - name: Check out code
@@ -25,7 +27,7 @@ jobs:
 # ...
 #
 # - name: Sign artifact
-# uses: actions/attest-build-provenance@v1.0.0
+# uses: actions/attest-build-provenance@v1.4.1
 # with:
 # subject-path: '${{ github.workspace }}/demo-repo-go-binary'
 #
diff --git a/.github/workflows/build-binary-signed-ghat.yml b/.github/workflows/build-binary-signed-ghat.yml
index b4da6b1..63112ab 100644
--- a/.github/workflows/build-binary-signed-ghat.yml
+++ b/.github/workflows/build-binary-signed-ghat.yml
@@ -9,6 +9,8 @@ jobs:
 id-token: write
 packages: write
 contents: write
+ attestations: write
+ runs-on: ubuntu-latest
 steps:
 - name: Check out code
@@ -21,7 +23,7 @@ jobs:
 # ...
 #
 # - name: Sign artifact
-# uses: actions/attest-build-provenance@v1.0.0
+# uses: actions/attest-build-provenance@v1.4.1
 # with:
 # subject-path: '${{ github.workspace }}/demo-repo-go-binary'
 #
diff --git a/.github/workflows/build-image-signed-ghat-malicious.yml b/.github/workflows/build-image-signed-ghat-malicious.yml
index d863a2c..47c0497 100644
--- a/.github/workflows/build-image-signed-ghat-malicious.yml
+++ b/.github/workflows/build-image-signed-ghat-malicious.yml
@@ -9,6 +9,7 @@ jobs:
 id-token: write
 packages: write
 contents: write
+ attestations: write
 steps:
 - name: Checkout repository
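Review bot: In build-binary-signed-ghat-malicious.yml and build-binary-signed-ghat.yml the new `attestations: write` scope has no visible consumer, because the only `actions/attest-build-provenance` step shown in those files is commented out; unless a step outside the hunks uses it, the job token gains a write scope it never needs. Consider granting the scope in the same change that enables the step, or documenting it in place, e.g. `attestations: write  # required only by actions/attest-build-provenance`. These jobs already hold `id-token: write`, `packages: write` and `contents: write`, so it is also worth confirming whether `contents: read` would be enough once the attest step is the only consumer. The job bodies continue outside the hunks, so this is based on the visible lines only.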
@@ -34,8 +35,8 @@ jobs:
 context: .
 - name: Attest image
- uses: actions/attest-build-provenance@v1.0.0
+ uses: actions/attest-build-provenance@v1.4.1
 with:
 subject-name: ghcr.io/${{ github.repository }}
 subject-digest: ${{ steps.push-step.outputs.digest }}
- push-to-registry: true
\ No newline at end of file
+ push-to-registry: true
diff --git a/.github/workflows/build-image-signed-ghat-static-copied.yml b/.github/workflows/build-image-signed-ghat-static-copied.yml
index c8982b1..dc719c5 100644
--- a/.github/workflows/build-image-signed-ghat-static-copied.yml
+++ b/.github/workflows/build-image-signed-ghat-static-copied.yml
@@ -9,6 +9,7 @@ jobs:
 id-token: write
 packages: write
 contents: write
+ attestations: write
 steps:
 - name: Checkout repository
@@ -31,7 +32,7 @@ jobs:
 file : Dockerfile.static
 - name: Attest image
- uses: actions/attest-build-provenance@v1.0.0
+ uses: actions/attest-build-provenance@v1.4.1
 with:
 subject-name: ghcr.io/${{ github.repository }}
 subject-digest: ${{ steps.push-step.outputs.digest }}
diff --git a/.github/workflows/build-image-signed-ghat-static.yml b/.github/workflows/build-image-signed-ghat-static.yml
index bd3d0a0..195ad21 100644
--- a/.github/workflows/build-image-signed-ghat-static.yml
+++ b/.github/workflows/build-image-signed-ghat-static.yml
@@ -9,6 +9,7 @@ jobs:
 id-token: write
 packages: write
 contents: write
+ attestations: write
 steps:
 - name: Checkout repository
@@ -31,7 +32,7 @@ jobs:
 file : Dockerfile.static
 - name: Attest image
- uses: actions/attest-build-provenance@v1.0.0
+ uses: actions/attest-build-provenance@v1.4.1
 with:
 subject-name: ghcr.io/${{ github.repository }}
 subject-digest: ${{ steps.push-step.outputs.digest }}
diff --git a/.github/workflows/build-image-signed-ghat.yml b/.github/workflows/build-image-signed-ghat.yml
index f7286f4..d91b6fc 100644
--- a/.github/workflows/build-image-signed-ghat.yml
+++ b/.github/workflows/build-image-signed-ghat.yml
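Review bot: The `Attest image` step in build-image-signed-ghat-malicious.yml still references the action by a movable tag, `uses: actions/attest-build-provenance@v1.4.1`, while the job holds `id-token: write`, `attestations: write`, `packages: write` and `contents: write`. Since this step is what produces the signed provenance, pinning it to the release's full commit SHA keeps the code that was reviewed identical to the code that runs, e.g. `uses: actions/attest-build-provenance@<full-commit-sha-of-v1.4.1>  # v1.4.1`. The same line appears in build-image-signed-ghat-static-copied.yml, build-image-signed-ghat-static.yml and build-image-signed-ghat.yml, and in the commented-out steps of the two build-binary workflows.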
@@ -9,6 +9,7 @@ jobs:
 id-token: write
 packages: write
 contents: write
+ attestations: write
 steps:
 - name: Checkout repository
@@ -30,8 +31,8 @@ jobs:
 context: .
 - name: Attest image
- uses: actions/attest-build-provenance@v1.0.0
+ uses: actions/attest-build-provenance@v1.4.1
 with:
 subject-name: ghcr.io/${{ github.repository }}
 subject-digest: ${{ steps.push-step.outputs.digest }}
- push-to-registry: true
\ No newline at end of file
+ push-to-registry: true