Fix attest build provenance steps in publishing docker image examples

Instead of using env.REGISTRY and env.IMAGE_NAME, which are not set, use the images in the metadata-action step. Fixes github#36243
mmb · Feb 12, 2025 · dbbc169 · dbbc169
1 parent c4cde1a
commit dbbc169
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/.../actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md b/.../actions/use-cases-and-examples/publishing-packages/publishing-docker-images.md
@@ -116,7 +116,7 @@ jobs:
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v2
         with:
-          subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+          subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository
           subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
           push-to-registry: true
 {% endif -%}
@@ -226,10 +226,16 @@ jobs:
           labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
 
 {% ifversion artifact-attestations %}
-      - name: Generate artifact attestation
+      - name: Generate artifact attestation for Docker Hub
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: index.docker.io/my-docker-hub-namespace/my-docker-hub-repository
+          subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
+          push-to-registry: true
+      - name: Generate artifact attestation for the Container registry
         uses: actions/attest-build-provenance@v2
         with:
-          subject-name: {% raw %}${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}{% endraw %}
+          subject-name: {% data reusables.package_registry.container-registry-hostname %}/{% raw %}${{ github.repository }}{% endraw %}
           subject-digest: {% raw %}${{ steps.push.outputs.digest }}{% endraw %}
           push-to-registry: true
 {% endif -%}