From 40d26bfbba146923b77ee2fe88abe49587a65378 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fernando=20Fern=C3=A1ndez?=
Date: Mon, 9 Sep 2024 20:25:55 +0200
Subject: [PATCH] ci(package): upload Docker image with provenance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Fernando Fernández
---
 .github/workflows/__package.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/__package.yml b/.github/workflows/__package.yml
index d87640a14d5..527df7d3b0c 100644
--- a/.github/workflows/__package.yml
+++ b/.github/workflows/__package.yml
@@ -282,7 +282,7 @@ jobs:
 username: ${{ github.repository_owner }}
 password: ${{ secrets.JF_BOT_TOKEN }}

- - name: Create multiplatform image ${{ inputs.push && 'and push 🛠️⬆️' || '🛠️' }}
+ - name: Create multiplatform image and push 🛠️⬆️
 uses: docker/build-push-action@v6.7.0
 id: image
 with:
@@ -306,3 +306,17 @@ jobs:
 with:
 name: |
 buildx-*
+
+ - name: Create provenance attestation (ghcr.io) 🔏
+ uses: actions/attest-build-provenance@v1.4.3
+ with:
+ subject-name: ghcr.io/${{ env.REGISTRY_IMAGE }}
+ subject-digest: ${{ steps.image.outputs.digest }}
+ push-to-registry: true
+
+ - name: Create provenance attestation (docker.io) 🔏
+ uses: actions/attest-build-provenance@v1.4.3
+ with:
+ subject-name: docker.io/${{ env.REGISTRY_IMAGE }}
+ subject-digest: ${{ steps.image.outputs.digest }}
+ push-to-registry: true
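Review bot: The step label in the first hunk now always says "and push", but the `with:` inputs of `docker/build-push-action` lie outside the hunk, so it is not visible whether `push:` still follows `inputs.push`. If it does, build-only runs will be mislabelled and the attestation steps added in the second hunk will try to attach provenance to a digest that was never pushed to either registry. Either confirm the build step now sets `push: true`, or guard both attestation steps with `if: ${{ inputs.push }}`.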
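Review bot: Both new steps reference `actions/attest-build-provenance@v1.4.3` by tag, which can be moved after the fact; for the step that signs provenance for published images a full commit SHA is the safer pin, e.g. `uses: actions/attest-build-provenance@<full-commit-sha> # v1.4.3` (placeholder, take the SHA from the release). The action also needs `id-token: write` and `attestations: write`, plus `packages: write` for `push-to-registry` on ghcr.io; the job's `permissions:` block is outside this hunk, and if this file is a reusable workflow, as the removed `inputs.push` reference suggests, the caller has to grant them too. A comment above the steps such as `# requires id-token: write, attestations: write, packages: write` would make that dependency visible. The docker.io step additionally assumes a Docker Hub login earlier in the job, which cannot be confirmed from the visible lines.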