Skip to content

wrap actions/attest-build-provenance #253

wrap actions/attest-build-provenance

wrap actions/attest-build-provenance #253

Workflow file for this run

name: End-to-End Testing
on:
pull_request:
push:
branches:
- main
- 'releases/*'
permissions: {}
jobs:
e2e-oci:
name: Publish/Verify (Container Image)
runs-on: ubuntu-latest
permissions:
attestations: write
contents: read
id-token: write
services:
registry:
image: registry@sha256:860f379a011eddfab604d9acfe3cf50b2d6e958026fb0f977132b0b083b1a3d7 # 2.8.3
ports:
- 5000:5000
env:
REGISTRY: localhost:5000
IMAGE_NAME: test
IMAGE_TAG: latest
steps:
- name: Checkout
id: checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Build Dockerfile
run: |
cat <<EOF > Dockerfile
FROM scratch
COPY README.md .
EOF
- name: Build and push container image
id: push
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
- name: Attest image
id: attest-action
uses: ./
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.push.outputs.digest }}
- name: Verify attestation
env:
GH_TOKEN: ${{ github.token }}
run: |
gh attestation verify oci://${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} -R ${{ github.repository }}