almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Remove the tag from the attestation, what we attest is the hash, so no need for it

Browse source
This commit is contained in:
Alexis Métaireau 2025-01-20 15:25:51 +01:00
parent 891ffe4fec
commit 554736cab3
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/release-container-image.yml vendored
View file

@ -51,11 +51,10 @@ jobs:
podman tag dangerzone.rocks/dangerzone:$TAG "$FINAL_IMAGE_NAME"
podman push "$FINAL_IMAGE_NAME" --digestfile=digest
echo "digest=$(cat digest)" >> "$GITHUB_OUTPUT"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.build-image.outputs.tag }}
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: "${{ steps.build-image.outputs.digest }}"
push-to-registry: true