Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix attest build provenance steps in publishing docker image examples #36263

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix attest build provenance steps in publishing docker image examples #36263

wants to merge 1 commit into from
+9 −3

Conversation

mmb
Copy link

@mmb mmb commented Feb 12, 2025

Instead of using env.REGISTRY and env.IMAGE_NAME, which are not set, use the images in the metadata-action step.

Fixes #36243

Why:

Closes: #36243

What's being changed (if available, include any code snippets, screenshots, or gifs):

The image publishing example workflows use env.REGISTRY and env.IMAGE_NAME which I found confusing because they are not set. I changed them to use the image names that are already used elsewhere in the same workflows.

In the example that pushes an image to both Docker Hub and GitHub I added an attestation step for Docker Hub to show how to create attestations in multiple registries.

Check off the following:

  • A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
  • The changes in this PR meet the docs fundamentals that are required for all content.
  • All CI checks are passing and the changes look good in the preview environment.

@mmb
Fix attest build provenance steps in publishing docker image examples
dbbc169 
Instead of using env.REGISTRY and env.IMAGE_NAME, which are not set, use the
images in the metadata-action step.

Fixes github#36243
@welcome Welcome
Copy link

welcome bot commented Feb 12, 2025

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Feb 12, 2025
@github-actions GitHub Actions
Copy link
Contributor

👓 How to review these changes

Thank you for your contribution. To review these changes, you can:

  1. Spin up a codespace
  2. Set up a local development environment

A Hubber will need to deploy your changes internally to review.

Table of review links

⚠️ Warning: Our review server is experiencing latency issues.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on the review server. Changes to the data directory are not included in this table.

Source Review Production What Changed
actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md fpt
ghec
ghes@ 3.15 3.14 3.13 3.12 3.11 3.10
fpt
ghec
ghes@ 3.15 3.14 3.13 3.12 3.11 3.10

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server
This table is posted from the Content Changes Table Comment workflow.

🤖 This comment is automatically generated.

@am-stead am-stead added the waiting for review Issue/PR is waiting for a writer's review label Feb 12, 2025
@subatoi
Copy link
Contributor

subatoi commented Feb 12, 2025

Many thanks @mmb — I'll just get this verified internally and should be able to get back to you soon.

@subatoi subatoi added needs SME This proposal needs review from a subject matter expert and removed triage Do not begin working on this issue until triaged by the team labels Feb 12, 2025
@github-actions GitHub Actions
Copy link
Contributor

Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀

@github github deleted a comment from Eslam1415 Feb 13, 2025
subatoi
subatoi requested changes Feb 13, 2025
View reviewed changes
Copy link
Contributor

@subatoi subatoi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mmb I’m happy to accept the changes at lines 119 and 232; however, I'm afraid the SMEs have rejected the second changes—this isn’t something we’ve seen come up as a problem anywhere, and the recommendation is that if you’re using artifact attestations with multiple registries, to attest once and cioy the container image (and attestation) from the first registry to the second registry, rather than attest twice to two different registries.

If you're happy to modify the changes to just the two lines, I'm happy to get this merged for you. Many thanks

@subatoi subatoi added more-information-needed More information is needed to complete review and removed needs SME This proposal needs review from a subject matter expert labels Feb 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@subatoi subatoi subatoi requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
more-information-needed More information is needed to complete review waiting for review Issue/PR is waiting for a writer's review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GitHub actions Docker Hub and combined publishing instructions don't work
3 participants
@mmb @subatoi @am-stead