feat(docker): Add SBOM and provenance attestations (#8802)

This adds metadata about the contents of our image, what it contains, and how it was built.
ZcashFoundation · Aug 26, 2024 · 6cf34b2 · 6cf34b2
1 parent 37de457
commit 6cf34b2
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml
@@ -172,6 +172,10 @@ jobs:
             FEATURES=${{ env.FEATURES }}
             TEST_FEATURES=${{ env.TEST_FEATURES }}
           push: true
+          # It's recommended to build images with max-level provenance attestations
+          # https://docs.docker.com/build/ci/github-actions/attestations/
+          provenance: mode=max
+          sbom: true
           # Don't read from the cache if the caller disabled it.
           # https://docs.docker.com/engine/reference/commandline/buildx_build/#options
           no-cache: ${{ inputs.no_cache }}