Merge pull request #478 from fluxcd/docker-sbom

build: Enable SBOM and SLSA Provenance
2023-01-30 16:09:50 +02:00 · 2023-01-30 16:09:50 +02:00 · 6766f3b451
parent d3eb70b366 576cd7e331
commit 6766f3b451
2 changed files with 5 additions and 3 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -32,8 +32,8 @@ jobs:
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION=${GITHUB_REF/refs\/tags\//}
          fi
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-          echo ::set-output name=VERSION::${VERSION}
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v2
      - name: Setup Docker Buildx
@ -62,6 +62,8 @@ jobs:
      - name: Publish images
        uses: docker/build-push-action@v3
        with:
+          sbom: true
+          provenance: true
          push: true
          builder: ${{ steps.buildx.outputs.name }}
          context: .
--- a/2
+++ b/2
@ -61,7 +61,7 @@ RUN export CGO_LDFLAGS="-static -fuse-ld=lld" && \
 # Ensure that the binary was cross-compiled correctly to the target platform.
 RUN xx-verify --static /image-automation-controller

-FROM alpine:3.16
+FROM alpine:3.17

 ARG TARGETPLATFORM
 RUN apk --no-cache add ca-certificates \