From 540028a22eb6c6113878f5e4daffdfd38aa6589e Mon Sep 17 00:00:00 2001
From: Matthew Kilgore <matthew@kilgore.dev>
Date: Thu, 11 Dec 2025 22:24:11 -0500
Subject: [PATCH] fix: broken docker.io attestation

---
 .github/workflows/docker-publish-hardened.yaml | 2 +-
 .github/workflows/docker-publish-rootless.yaml | 2 +-
 .github/workflows/docker-publish.yaml          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker-publish-hardened.yaml b/.github/workflows/docker-publish-hardened.yaml
index 0299159d..ac8547df 100644
--- a/.github/workflows/docker-publish-hardened.yaml
+++ b/.github/workflows/docker-publish-hardened.yaml
@@ -243,6 +243,6 @@ jobs:
         uses: actions/attest-build-provenance@v1
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         with:
-          subject-name: ${{ env.DOCKERHUB_REPO }}
+          subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
           subject-digest: ${{ steps.push-dockerhub.outputs.digest }}
           push-to-registry: true
diff --git a/.github/workflows/docker-publish-rootless.yaml b/.github/workflows/docker-publish-rootless.yaml
index ad335e25..004a4040 100644
--- a/.github/workflows/docker-publish-rootless.yaml
+++ b/.github/workflows/docker-publish-rootless.yaml
@@ -245,6 +245,6 @@ jobs:
         uses: actions/attest-build-provenance@v1
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         with:
-          subject-name: ${{ env.DOCKERHUB_REPO }}
+          subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
           subject-digest: ${{ steps.push-dockerhub.outputs.digest }}
           push-to-registry: true
diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml
index 710761e8..6fcc67d6 100644
--- a/.github/workflows/docker-publish.yaml
+++ b/.github/workflows/docker-publish.yaml
@@ -236,6 +236,6 @@ jobs:
         uses: actions/attest-build-provenance@v1
         if: (github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/'))
         with:
-          subject-name: ${{ env.DOCKERHUB_REPO }}
+          subject-name: docker.io/${{ env.DOCKERHUB_REPO }}
           subject-digest: ${{ steps.push-dockerhub.outputs.digest }}
           push-to-registry: true