Add image attestations

unisoncomputing · May 10, 2024 · 91628b4 · 91628b4
1 parent 63748ce
commit 91628b4
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -89,7 +89,6 @@ jobs:
       - name: save stack caches
         if: |
           !cancelled()
-            && steps.restore-stack-caches.outputs.cache-hit != 'true'
         uses: unisonweb/actions/stack/cache/save@main
         with:
           cache-prefix: ${{env.exe_cache_prefix}}
@@ -175,14 +174,13 @@ jobs:
           name: share-docker-image
           path: /tmp/share-docker-image.tar
 
-      # NOTE: disabled until repo goes public
       # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
-      # - name: Generate artifact attestation
-      #   uses: actions/[email protected]
-      #   with:
-      #     subject-name: ${{ env.container_registry }}/${{ env.docker_image_name}}
-      #     subject-digest: ${{ steps.push.outputs.digest }}
-      #     push-to-registry: true
+      - name: Generate artifact attestation
+        uses: actions/[email protected]
+        with:
+          subject-name: ${{ env.container_registry }}/${{ env.docker_image_name}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
 
   # A separate job for docker build because it requires elevated github token permissions.
   transcript-tests: