docker: add SLSA provenance to .github workflow

* the id-token of the GitHub Actions workflow will be used for image signing
* replace branch-based tagging with SHA-based tagging, since branch names are mutable and SLSA provenance requires immutable tagging
* use official SLSA framework GitHub Reusable workflow

docker: fix incorrect registry name in image output step

* use REGISTRY environment variable instead of IMAGE_REGISTRY

docker: revert change to remove branch tag
Srigovind Nayak
2024-09-15 22:44:00 +05:30
committed by Srigovind Nayak
parent d7d9af4c9f
commit 144221b430
2 changed files with 39 additions and 1 deletions


@@ -0,0 +1,8 @@
Enhancement: add SLSA provenance to the Docker images
Restic's Docker image build workflow now includes SLSA provenance generation.
This enhancement improves the security and traceability of the Docker images'
build process.
https://github.com/restic/restic/issues/4983
https://github.com/restic/restic/pull/4999
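Review bot: the body of this changelog entry ("improves the security and traceability of the Docker images' build process") gives users nothing to act on. It does not say where the generated provenance is published or how someone pulling the image can verify it, and without a verification step the attestation adds little for consumers. Suggest adding one sentence that says where the attestation is stored and points to the verification instructions. The commit message also describes a move to SHA-based tagging followed by a revert of the branch-tag removal, so the entry should state which tags users can expect the provenance to cover.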