Merge pull request #1009 from fluxcd/container-sbom

build: Enable SBOM and SLSA Provenance
2023-01-30 13:39:04 +02:00 · 2023-01-30 13:39:04 +02:00 · b9986fab5a
parent a56a8884b1 59e061c8ef
commit b9986fab5a
2 changed files with 3 additions and 1 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -62,6 +62,8 @@ jobs:
      - name: Publish images
        uses: docker/build-push-action@v3
        with:
+          sbom: true
+          provenance: true
          push: true
          builder: ${{ steps.buildx.outputs.name }}
          context: .
--- a/2
+++ b/2
@ -61,7 +61,7 @@ RUN export CGO_LDFLAGS="-static -fuse-ld=lld" && \
 # Ensure that the binary was cross-compiled correctly to the target platform.
 RUN xx-verify --static /source-controller

-FROM alpine:3.16
+FROM alpine:3.17

 ARG TARGETPLATFORM
 RUN apk --no-cache add ca-certificates \