From 5381272e5f5e4ec74ff685ffcc5f3d5db907b66b Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Thu, 18 Jul 2024 20:21:21 +0200
Subject: [PATCH] Fix regression in artifact-attestations-step-for-container-images.md (#33917)

Co-authored-by: snorremd
Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com>
---
 .../publishing-docker-images.md | 24 +++++++++++++------
 ...-attestations-step-for-container-images.md | 6 -----
 .../package_registry/publish-docker-image.md | 7 +++++-
 3 files changed, 23 insertions(+), 14 deletions(-)
 delete mode 100644 data/reusables/actions/artifact-attestations-step-for-container-images.md

diff --git a/content/actions/publishing-packages/publishing-docker-images.md b/content/actions/publishing-packages/publishing-docker-images.md
index ec66a1f9c5..1fa0ed559f 100644
--- a/content/actions/publishing-packages/publishing-docker-images.md
+++ b/content/actions/publishing-packages/publishing-docker-images.md
@@ -113,10 +113,15 @@ jobs:
 push: true
 tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
-
- {% ifversion artifact-attestations %}
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
- {% endif %}
+
+{% ifversion artifact-attestations %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
+{% endif -%}
 ```

 The above workflow checks out the {% data variables.product.prodname_dotcom %} repository, uses the `login-action` to log in to the registry, and then uses the `build-push-action` action to: build a Docker image based on your repository's `Dockerfile`; push the image to Docker Hub, and apply a tag to the image.
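Review bot: The attestation step inlined in this first hunk reads `env.REGISTRY`, `env.IMAGE_NAME` and `steps.push.outputs.digest`, none of which the hunk shows being defined, while the trailing context says this workflow pushes to Docker Hub. If the workflow has no `env:` block setting both names, `subject-name` renders as `/` and `push-to-registry: true` has no valid image to attach the attestation to; for Docker Hub the fully qualified form would presumably be written out, e.g. `subject-name: index.docker.io/NAMESPACE/REPOSITORY` (placeholder names). The second hunk puts the same step into the workflow that logs in to both registries, so a single `subject-name` would publish the attestation under only one of the two image names; a sentence after that code block saying which registry carries it would help readers who verify pulls from the other one. The `env:`, `permissions:` and build-step `id:` lines are outside these hunks, so this needs checking against the full files; the third hunk in `publish-docker-image.md` carries the same step and the same dependency.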
@@ -222,9 +227,14 @@ jobs:
 tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}

- {% ifversion artifact-attestations %}
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
- {% endif %}
+{% ifversion artifact-attestations %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
+{% endif -%}
 ```

 The above workflow checks out the {% data variables.product.product_name %} repository, uses the `login-action` twice to log in to both registries and generates tags and labels with the `metadata-action` action.
diff --git a/data/reusables/actions/artifact-attestations-step-for-container-images.md b/data/reusables/actions/artifact-attestations-step-for-container-images.md
deleted file mode 100644
index b48ce30773..0000000000
--- a/data/reusables/actions/artifact-attestations-step-for-container-images.md
+++ /dev/null
@@ -1,6 +0,0 @@
-* name: Generate artifact attestation
- uses: actions/attest-build-provenance@v1
- with:
- subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
- subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
- push-to-registry: true
diff --git a/data/reusables/package_registry/publish-docker-image.md b/data/reusables/package_registry/publish-docker-image.md
index 8f064a1d41..19f92eb5d0 100644
--- a/data/reusables/package_registry/publish-docker-image.md
+++ b/data/reusables/package_registry/publish-docker-image.md
@@ -61,6 +61,11 @@ jobs:
 labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
 {% ifversion artifact-attestations %}
 # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
- {% data reusables.actions.artifact-attestations-step-for-container-images %}
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+ subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+ push-to-registry: true
 {% endif %}
 ```