From 1d58c7e30dbb3eadb40ee8d3978d705af738b73f Mon Sep 17 00:00:00 2001
From: Gaius <gaius.qi@gmail.com>
Date: Wed, 18 Sep 2024 21:19:59 +0800
Subject: [PATCH] chore: add sbom and provenance for docker build

Signed-off-by: Gaius <gaius.qi@gmail.com>
---
 .github/workflows/docker.yml | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 88907914f..a46ce8170 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -86,6 +86,8 @@ jobs:
         uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85
         with:
           context: .
+          sbom: true
+          provenance: true
           platforms: ${{ matrix.platforms }}
           file: build/images/${{ matrix.module }}/Dockerfile
           labels: |-
@@ -124,14 +126,6 @@ jobs:
         env:
           COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
 
-      - uses: anchore/sbom-action@v0
-        with:
-          image: dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
-
-      - uses: anchore/sbom-action@v0
-        with:
-          image: ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
-
       - name: Move cache
         run: |
           rm -rf /tmp/.buildx-cache