From fa540e53faeb6fbd0ad3dab81fb2e8c3cb4cfe95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexis=20M=C3=A9taireau?= <alexis@freedom.press>
Date: Mon, 20 Jan 2025 15:25:51 +0100
Subject: [PATCH] Remove the tag from the attestation, what we attest is the
 hash, so no need for it

---
 .github/workflows/release-container-image.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/release-container-image.yml b/.github/workflows/release-container-image.yml
index 752c27f..7177e93 100644
--- a/.github/workflows/release-container-image.yml
+++ b/.github/workflows/release-container-image.yml
@@ -51,11 +51,10 @@ jobs:
           podman tag dangerzone.rocks/dangerzone:$TAG "$FINAL_IMAGE_NAME"
           podman push "$FINAL_IMAGE_NAME" --digestfile=digest
           echo "digest=$(cat digest)" >> "$GITHUB_OUTPUT"
-          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.build-image.outputs.tag }}
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           subject-digest: "${{ steps.build-image.outputs.digest }}"
           push-to-registry: true