generate provenance attestation #11797

Closed

Contributor

@ndeloof ndeloof commented May 7, 2024

What I did
produce provenance attestations for artifacts being built during release
see https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds

@ndeloof ndeloof requested review from a team, glours, milas and jhrotko and removed request for a team May 7, 2024 08:20
@ndeloof ndeloof force-pushed the main branch 3 times, most recently from ad8dbd5 to 18358ee Compare May 7, 2024 08:26
Comment on lines 255 to 256
id-token: write
attestations: write
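
Review bot: The two write scopes at lines 255 to 256, `id-token: write` and `attestations: write`, should sit in the `permissions` block of the job that runs the attestation step rather than at workflow level, so that no other job inherits the ability to request an OIDC token. A `permissions` block sets every scope it does not list to none, so if that job checks out the repository, confirm `contents: read` is listed beside these two.
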
Member

I think the binary job needs these permissions to fix the CI error?

The GitHub docs are a bit vague but say (emphasis mine):

In the workflow that builds the binary you would like to attest, add the following permissions.

Contributor

it seems this does not work on forks? actions/deploy-pages#184 (comment)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Contributor Author

ndeloof commented May 7, 2024

ok giving up with this for now

@ndeloof ndeloof closed this May 7, 2024