zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat(docker): Add SBOM and provenance attestations (#8802) 

This adds metadata about the contents of our image, what it contains, and how it was built.
This commit is contained in:
Gustavo Valverde 2024-08-26 18:56:09 +01:00 committed by GitHub
parent 37de457f2b
commit 6cf34b25ff
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/sub-build-docker-image.yml vendored
View File

@ -172,6 +172,10 @@ jobs:
FEATURES=${{ env.FEATURES }}
TEST_FEATURES=${{ env.TEST_FEATURES }}
push: true
# It's recommended to build images with max-level provenance attestations
# https://docs.docker.com/build/ci/github-actions/attestations/
provenance: mode=max
sbom: true
# Don't read from the cache if the caller disabled it.
# https://docs.docker.com/engine/reference/commandline/buildx_build/#options
no-cache: ${{ inputs.no_cache }}