From 5a18909314aad69c9bd1860bd704f0296982ceaa Mon Sep 17 00:00:00 2001
From: Bret Fisher <bret@bretfisher.com>
Date: Fri, 10 Mar 2023 22:04:47 -0500
Subject: [PATCH] testing attestations

---
 .github/workflows/reusable-docker-build.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/reusable-docker-build.yaml b/.github/workflows/reusable-docker-build.yaml
index 723f9c6..e36678d 100644
--- a/.github/workflows/reusable-docker-build.yaml
+++ b/.github/workflows/reusable-docker-build.yaml
@@ -163,6 +163,9 @@ jobs:
           push: true
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
+          # add attestations for provenance and sbom
+          provenance: true
+          sbom: true
       -
         # If PR, put image tags in the PR comments
         # from https://github.com/marketplace/actions/create-or-update-comment