From 4847d8d72b9fa1466068567a70745aac8cf6fb2c Mon Sep 17 00:00:00 2001 From: Matt Kilgore Date: Mon, 6 Jan 2025 05:43:09 -0500 Subject: [PATCH] add docker sbom, provenance and annotations --- .github/workflows/docker-publish-rootless.yaml | 7 +++++-- .github/workflows/docker-publish.yaml | 3 +++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml index 3639c64a..4d3f2f34 100644 --- a/.github/workflows/docker-publish-rootless.yaml +++ b/.github/workflows/docker-publish-rootless.yaml @@ -101,8 +101,11 @@ jobs: build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} - - - name: Export digest + provenance: true + sbom: true + annotations: ${{ steps.meta.outputs.annotations }} + + - name: Export digest run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml index 83f30536..ef389606 100644 --- a/.github/workflows/docker-publish.yaml +++ b/.github/workflows/docker-publish.yaml @@ -97,6 +97,9 @@ jobs: build-args: | VERSION=${{ github.ref_name }} COMMIT=${{ github.sha }} + provenance: true + sbom: true + annotations: ${{ steps.meta.outputs.annotations }} - name: Export digest run: |
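Review bot: `provenance: true` in the build step's inputs leaves the attestation detail level to the Buildx default, so the workflow does not pin what the published provenance records; the same line is added in docker-publish.yaml. If full provenance is the goal, write `provenance: mode=max`, keeping in mind that max mode records build-arg values (here only VERSION and COMMIT, which are not secret). As far as I know, the attestations BuildKit attaches are unsigned, so a comment such as `# SBOM and provenance are attached unsigned; sign the digest separately if consumers must verify them` would keep readers from over-trusting them. The step's `uses:` line and the rest of its `with:` block are outside the hunk.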
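Review bot: `annotations: ${{ steps.meta.outputs.annotations }}` depends on a step with `id: meta` that is not visible in this hunk, and on the annotation levels that step emits. Since the next step exports a per-platform digest, these annotations presumably land on the per-platform manifest and not on the multi-arch index assembled later, which is where registries usually read them; the same applies to the line added in docker-publish-rootless.yaml. If index-level annotations are intended, set `DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index` on the metadata step and pass the index annotations in the merge job. Otherwise add `# annotations apply to the per-platform manifest only`.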