|
|
@@ -113,6 +113,14 @@ jobs:
|
|
|
crane copy "$IMAGE_TAG" "$IMAGE_TAG_LATEST"
|
|
|
crane copy "$IMAGE_TAG" "$IMAGE_TAG_VERSION"
|
|
|
|
|
|
+ - name: Log workflow context for provenance
|
|
|
+ run: |
|
|
|
+ echo "github.event_name=[${{ github.event_name }}]"
|
|
|
+ echo "github.run_started_at=[${{ github.run_started_at }}]"
|
|
|
+ echo "github.run_id=[${{ github.run_id }}]"
|
|
|
+ echo "github.run_attempt=[${{ github.run_attempt }}]"
|
|
|
+ echo "github.ref=[${{ github.ref }}]"
|
|
|
+
|
|
|
- name: Sign image and attest SLSA provenance
|
|
|
# Only sign tag-triggered releases; workflow_dispatch runs produce a
|
|
|
# non-tag GITHUB_REF, so the Fulcio certificate identity would not
|
Christian Petersen