GitHub Action

attest-sign

v1.2.0
Generate SBOM, attest and sign docker image

Installation

Copy and paste the following snippet into your .yml file.

- name: attest-sign
  uses: nais/attest-sign@v1.2.0


nais/attest-sign

This action generates an SBOM, attests and signs the image.

It assumes that you are already authenticated to the registry where attestations and signatures are uploaded.

Usage

env:
  registry: "some.registry/images"
  image: "myimage"

jobs:
  build_push_sign:
    runs-on: "ubuntu-latest"
    steps:
    - name: "Checkout"
      ...
    - name: "Authenticate to Google Cloud"
      ...
    - name: "Login to registry"
      ...
    - name: "Docker metadata"
      ...
    - name: "Build and push"
      id: "build_push"
      ...
    - name: "Attest and sign"
      uses: 'nais/attest-sign@v1.2.0'
      with:
        image_ref: ${{ env.registry }}/${{ env.image }}@${{ steps.build_push.outputs.digest }}
        sbom: # By default, the SBOM is generated with Trivy from the image manifest. Can be overridden with a pre-generated SBOM.
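The `image_ref` in the usage above is built from the build step's digest output, so what gets attested and signed is an immutable image, not whatever a tag happens to point at. As an added example that is not part of nais/attest-sign, the POSIX shell guard below can run as a step before "Attest and sign": it assembles the same `registry/image@digest` ref and fails if the digest is missing or the ref is not of the form `name@sha256:<64 hex>`. The function names are assumptions and the digest used in the comments is constructed.

```shell
#!/bin/sh
# Added example (not nais/attest-sign code): guard the image_ref before
# calling the action. Intended as a workflow step, e.g.
#   sh guard.sh "$REGISTRY" "$IMAGE" "${{ steps.build_push.outputs.digest }}"

# build_image_ref REGISTRY IMAGE DIGEST -> prints "REGISTRY/IMAGE@DIGEST".
# Fails when DIGEST is empty, which is what an expression like
# ${{ steps.build_push.outputs.digest }} expands to if the build step
# exposed no digest output; the ref would otherwise end in a bare "@".
build_image_ref() {
  registry="$1"; image="$2"; digest="$3"
  [ -n "$registry" ] && [ -n "$image" ] && [ -n "$digest" ] || return 1
  printf '%s/%s@%s\n' "$registry" "$image" "$digest"
}

# is_digest_pinned REF -> succeeds only for refs of the form
# name@sha256:<64 lowercase hex>. A tag ref such as
# some.registry/images/myimage:latest is mutable and is rejected.
is_digest_pinned() {
  ref="$1"
  name="${ref%%@*}"      # everything before the first "@"
  digest="${ref#*@}"     # everything after the first "@"
  [ "$name" != "$ref" ] || return 1   # no "@" at all: tag-only or bare name
  [ -n "$name" ] || return 1          # "@sha256:..." with no image name
  printf '%s\n' "$digest" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# guard REGISTRY IMAGE DIGEST -> prints the validated ref, or fails with a
# message on stderr so the workflow stops before signing anything.
guard() {
  ref=$(build_image_ref "$1" "$2" "$3") \
    || { echo "guard: registry, image or digest is empty" >&2; return 1; }
  is_digest_pinned "$ref" \
    || { echo "guard: image_ref is not digest-pinned: $ref" >&2; return 1; }
  printf '%s\n' "$ref"
}

# When run as a script with three arguments, act as the guard step.
if [ "$#" -eq 3 ]; then
  guard "$@"
fi
```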