units-ui/.github/workflows/docker-build-push.yml
Sebastian Krüger f2d2bd7e25 chore: streamline Docker workflow with attestation support
Updated GitHub Actions workflow based on kit.pivoine.art template:

Permissions:
- Added id-token: write (required for attestations)
- Added attestations: write (enables build provenance)

Improvements:
- Added workflow_dispatch trigger for manual runs
- Updated docker/build-push-action from v5 to v6
- Added conditional login (skip on pull requests)
- Added artifact attestation step with actions/attest-build-provenance@v2
- Generates and pushes build provenance to registry
- Provides supply chain security and transparency

Attestation benefits:
- Verifiable build provenance
- SLSA (Supply chain Levels for Software Artifacts) compliance
- Cryptographically signed metadata about build process
- Helps users verify image authenticity

The workflow now matches modern Docker image publishing best practices
with full attestation support for enhanced security.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-08 11:03:49 +01:00

2.0 KiB