From 1851664c9658e67cb4e0f8d3f1ff3e822b1d0d3c Mon Sep 17 00:00:00 2001
From: scito <info@scito.ch>
Date: Sat, 15 Mar 2025 10:13:38 +0100
Subject: [PATCH] ci: enable provenance for Docker images in CI workflow

---
 .github/workflows/ci_docker.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci_docker.yml b/.github/workflows/ci_docker.yml
index 2b20e04..8976661 100644
--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -95,6 +95,7 @@ jobs:
             docker.io/scit0/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
           # build on feature branches, push only on master branch
           push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
 
@@ -216,6 +217,7 @@ jobs:
             docker.io/scit0/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
           # build on feature branches, push only on master branch
           push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
           build-args: |
@@ -343,6 +345,7 @@ jobs:
           tags: |
             docker.io/scit0/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
           push: ${{ github.secret_source == 'Actions' }}
 
       - name: Image digest