From dbbc16961fbe0f8f5fe4b41f08e316449e9049dd Mon Sep 17 00:00:00 2001 From: Matthew Boedicker <24275+mmb@users.noreply.github.com> Date: Tue, 11 Feb 2025 22:15:52 -0800 Subject: [PATCH 1/2] Fix attest build provenance steps in publishing docker image examples Instead of using env.REGISTRY and env.IMAGE_NAME, which are not set, use the images in the metadata-action step. Fixes #36243 --- .../publishing-packages/publishing-docker-images.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md index 381fcf910c9f..242930bd0b90 100644 --- a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md +++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md @@ -116,7 +116,7 @@ jobs: - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: - subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} + subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} push-to-registry: true {% endif -%} @@ -226,10 +226,16 @@ jobs: labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %} {% ifversion artifact-attestations %} - - name: Generate artifact attestation + - name: Generate artifact attestation for Docker Hub + uses: actions/attest-build-provenance@v2 + with: + subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository + subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} + push-to-registry: true + - name: Generate artifact attestation for the Container registry uses: actions/attest-build-provenance@v2 with: - subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %} + subject-name: {% data reusables.package_registry.container-registry-hostname %}/{% raw %}${{ github.repository }}{% endraw %} subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} push-to-registry: true {% endif -%} From b4a71931b0b72b909bcf68e18a7decc52e9ba8c8 Mon Sep 17 00:00:00 2001 From: Matthew Boedicker <24275+mmb@users.noreply.github.com> Date: Thu, 13 Feb 2025 17:13:49 -0800 Subject: [PATCH 2/2] Remove Docker hub attest-build-provenance --- .../publishing-packages/publishing-docker-images.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md index 242930bd0b90..c0035e68758f 100644 --- a/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md +++ b/content/actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md @@ -226,13 +226,7 @@ jobs: labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %} {% ifversion artifact-attestations %} - - name: Generate artifact attestation for Docker Hub - uses: actions/attest-build-provenance@v2 - with: - subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository - subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %} - push-to-registry: true - - name: Generate artifact attestation for the Container registry + - name: Generate artifact attestation uses: actions/attest-build-provenance@v2 with: subject-name: {% data reusables.package_registry.container-registry-hostname %}/{% raw %}${{ github.repository }}{% endraw %}