ci: generate provenance and sbom for release binaries

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2025-07-31 23:58:03 +08:00 · 2022-12-15 14:05:49 +01:00
parent a49d28e00e
commit 477200d1f9
3 changed files with 59 additions and 21 deletions
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1.4
+# syntax=docker/dockerfile-upstream:master

 ARG GO_VERSION=1.19
 ARG XX_VERSION=1.1.2
@@ -58,6 +58,8 @@ FROM scratch AS binaries-windows
 COPY --link --from=buildx-build /usr/bin/docker-buildx /buildx.exe

 FROM binaries-$TARGETOS AS binaries
+# enable scanning for this stage
+ARG BUILDKIT_SBOM_SCAN_STAGE=true

 # Release
 FROM --platform=$BUILDPLATFORM alpine AS releaser