From 2a7fac6130fd0712fd4a052949bd82dbd48cbe71 Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Wed, 10 Jul 2024 13:38:10 +0200
Subject: [PATCH 1/6] Fix regression in artifact-attestations-step-for-container-images.md
Fixes regression where the reusable artifact attestations step example was accidentally broken by a commit that replaced dashes with asterisks. Commit that broke example: 0886a39
Co-authored-by: snorremd
---
 .../actions/artifact-attestations-step-for-container-images.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/reusables/actions/artifact-attestations-step-for-container-images.md b/data/reusables/actions/artifact-attestations-step-for-container-images.md
index b48ce3077353..8a0683b3af95 100644
--- a/data/reusables/actions/artifact-attestations-step-for-container-images.md
+++ b/data/reusables/actions/artifact-attestations-step-for-container-images.md
@@ -1,4 +1,4 @@
-* name: Generate artifact attestation
+- name: Generate artifact attestation
 uses: actions/attest-build-provenance@v1
 with:
 subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
From 64168156064a58a35b58e7d788a9291c25b34e14 Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Sun, 14 Jul 2024 15:47:26 +0200
Subject: [PATCH 2/6] Update publishing-docker-images workflows
---
 .../publishing-docker-images.md | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/content/actions/publishing-packages/publishing-docker-images.md b/content/actions/publishing-packages/publishing-docker-images.md
index ec66a1f9c5f0..5bb6069f352a 100644
--- a/content/actions/publishing-packages/publishing-docker-images.md
+++ b/content/actions/publishing-packages/publishing-docker-images.md
@@ -115,7 +115,12 @@ jobs:
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
 {% ifversion artifact-attestations %}
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
 {% endif %}
 ```
@@ -223,7 +228,12 @@ jobs:
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
 {% ifversion artifact-attestations %}
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
 {% endif %}
 ```
From ce874322eb2fc245d941ec15c5fd8a701cacb6cd Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Sun, 14 Jul 2024 15:52:32 +0200
Subject: [PATCH 3/6] Update publish-docker-image workflow
---
 data/reusables/package_registry/publish-docker-image.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/data/reusables/package_registry/publish-docker-image.md b/data/reusables/package_registry/publish-docker-image.md
index 8f064a1d417e..19f92eb5d01f 100644
--- a/data/reusables/package_registry/publish-docker-image.md
+++ b/data/reusables/package_registry/publish-docker-image.md
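Review bot: The step inlined at `@@ -115,7 +115,12 @@` (and again at `@@ -223,7 +228,12 @@` and in `publish-docker-image.md`) only yields a usable attestation if the enclosing job has an earlier step with `id: push`, defines `env.REGISTRY` and `env.IMAGE_NAME`, and grants `id-token: write` and `attestations: write`; none of that is visible in these hunks, so each of the three workflows should be checked now that the shared reusable no longer keeps them in sync. `subject-name` has to be the same registry/name the image was actually pushed under, otherwise the attestation is attached to a name consumers will not verify against; the trailing prose suggests the first workflow pushes to Docker Hub, so confirm `env.REGISTRY` resolves accordingly there. A small style point on the copied line: `${{ env.IMAGE_NAME}}` is missing the space before `}}`, and `${{ env.IMAGE_NAME }}` would match the other expressions. The workflows themselves start and end outside these hunks.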
@@ -61,6 +61,11 @@ jobs:
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
 {% ifversion artifact-attestations %}
 # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
 {% endif %}
 ```
From 37a80a85bea7225369545791243e6ed81ab936c1 Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Sun, 14 Jul 2024 15:53:40 +0200
Subject: [PATCH 4/6] Delete reusables/actions/artifact-attestations-step-for-container-images
---
 .../artifact-attestations-step-for-container-images.md | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 data/reusables/actions/artifact-attestations-step-for-container-images.md
diff --git a/data/reusables/actions/artifact-attestations-step-for-container-images.md b/data/reusables/actions/artifact-attestations-step-for-container-images.md
deleted file mode 100644
index 8a0683b3af95..000000000000
--- a/data/reusables/actions/artifact-attestations-step-for-container-images.md
+++ /dev/null
@@ -1,6 +0,0 @@
-- name: Generate artifact attestation
- uses: actions/attest-build-provenance@v1
- with:
- subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
- subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
- push-to-registry: true
From 7e06a271c5c3cd7badf3bd8dbe235709edb5b799 Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Sun, 14 Jul 2024 16:30:40 +0200
Subject: [PATCH 5/6] Whitespace
---
 .../publishing-packages/publishing-docker-images.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/content/actions/publishing-packages/publishing-docker-images.md b/content/actions/publishing-packages/publishing-docker-images.md
index 5bb6069f352a..a78b6a21f450 100644
--- a/content/actions/publishing-packages/publishing-docker-images.md
+++ b/content/actions/publishing-packages/publishing-docker-images.md
@@ -113,15 +113,15 @@ jobs:
 push: true
 tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
-
- {% ifversion artifact-attestations %}
+
+{% ifversion artifact-attestations %}
 - name: Generate artifact attestation
 uses: actions/attest-build-provenance@v1
 with:
 subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
 subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
 push-to-registry: true
- {% endif %}
+{% endif %}
 ```
 The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
@@ -227,14 +227,14 @@ jobs:
 tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
- {% ifversion artifact-attestations %}
+{% ifversion artifact-attestations %}
 - name: Generate artifact attestation
 uses: actions/attest-build-provenance@v1
 with:
 subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
 subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
 push-to-registry: true
- {% endif %}
+{% endif %}
 ```
 The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action.
From fa95b70da052307b254bbf3c48c95a3e7a5d37c6 Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Sun, 14 Jul 2024 17:04:41 +0200
Subject: [PATCH 6/6] Whitespace control
---
 .../actions/publishing-packages/publishing-docker-images.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/actions/publishing-packages/publishing-docker-images.md b/content/actions/publishing-packages/publishing-docker-images.md
index a78b6a21f450..1fa0ed559f08 100644
--- a/content/actions/publishing-packages/publishing-docker-images.md
+++ b/content/actions/publishing-packages/publishing-docker-images.md
@@ -121,7 +121,7 @@ jobs:
 subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
 subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
 push-to-registry: true
-{% endif %}
+{% endif -%}
 ```
 The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
@@ -234,7 +234,7 @@ jobs:
 subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
 subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
 push-to-registry: true
-{% endif %}
+{% endif -%}
 ```
 The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action.