From 6318bd724b7c7f9e2cf69ccad5a532108e9a8737 Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith
Date: Wed, 22 Jan 2025 10:50:20 +0000
Subject: [PATCH 1/2] Add SBOM attestations to docker images
---
 .github/workflows/docker.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 7bc0072..d194fc9 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -53,6 +53,7 @@ jobs:
 context: .
 platforms: linux/amd64,linux/arm64
 push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }} # only push on main branch or release tag
+ sbom: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 build-args: |
From ff166cb1840ac8a4855bf114afdbc4f491b4c78e Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith
Date: Wed, 22 Jan 2025 10:53:12 +0000
Subject: [PATCH 2/2] Set provenance: mode=max
---
 .github/workflows/docker.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index d194fc9..ab19af9 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -53,6 +53,7 @@ jobs:
 context: .
 platforms: linux/amd64,linux/arm64
 push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }} # only push on main branch or release tag
+ provenance: mode=max
 sbom: true
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
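Review bot: In PATCH 1/2 the added `sbom: true` carries no comment saying what the SBOM covers, and by default BuildKit's scanner indexes only the final image stage. If the Dockerfile (not shown here) is multi-stage, packages used in earlier stages would likely be missing from the attestation unless it declares `ARG BUILDKIT_SBOM_SCAN_STAGE=true`. I would add `# SBOM attestation; covers the final stage only unless the Dockerfile opts build stages in` above the key. The attestation is attached to the pushed image index, so it exists only for runs where the `push:` expression is true. The step begins above the hunk and its `build-args:` block continues below it.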
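Review bot: In PATCH 2/2, `provenance: mode=max` records the values of build arguments in the published provenance, and this step has a `build-args:` block (visible as context in PATCH 1/2) whose contents are outside both hunks. Any secret passed that way would be readable by anyone who can pull the image, so confirm the block holds only non-sensitive values and move anything sensitive to the action's `secrets:` input. I would add `# mode=max records build-arg values in the published provenance; never pass secrets via build-args` above the key. As far as I know BuildKit stores these attestations unsigned, so consumers who rely on them still need a separate signature over the image digest.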