feat: add SLSA provenance and attestations to all Docker build workflows (#1670)

* feat: add SLSA provenance and attestations to all Docker build workflows

Enable provenance: true and sbom: true on all image builds, upgrade
attest-build-provenance to v2, and add merged manifest attestation
for multi-platform bake workflows.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: compute merged manifest digest from raw bytes instead of Go template

The --format '{{.Manifest.Digest}}' template doesn't work for OCI image
indexes. Use --raw | sha256sum to reliably compute the digest.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: remove setup-qemu-action from build workflows

QEMU is unnecessary since all platform builds run on native runners.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: gugu

.github/workflows/build-agent.yml

@@ -67,9 +67,6 @@ jobs:
           name: bake-meta
           path: /tmp
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -84,6 +81,7 @@ jobs:
         uses: docker/bake-action@v5
         with:
           sbom: true
+          provenance: true
           files: |
             ./docker-bake-agent.hcl
             /tmp/bake-meta.json
@@ -108,14 +106,18 @@ jobs:
           retention-days: 1
 
       - name: Attest Build Provenance
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-digest: "${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
           push-to-registry: false
           subject-name: ${{ env.REGISTRY_IMAGE }}
 
   merge:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     needs:
       - build
     steps:
@@ -147,6 +149,20 @@ jobs:
           docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.REGISTRY_IMAGE }}")) | "-t " + .) | join(" ")' /tmp/bake-meta.json) \
             $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
 
+      - name: Get merged manifest digest
+        id: manifest
+        run: |
+          TAG=$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)
+          DIGEST="sha256:$(docker buildx imagetools inspect "${{ env.REGISTRY_IMAGE }}:${TAG}" --raw | sha256sum | cut -d ' ' -f1)"
+          echo "digest=${DIGEST}" >> $GITHUB_OUTPUT
+
+      - name: Attest Merged Manifest Provenance
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-digest: ${{ steps.manifest.outputs.digest }}
+          subject-name: ${{ env.REGISTRY_IMAGE }}
+          push-to-registry: false
+
       - name: Inspect image
         run: |
           docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)

.github/workflows/build.yml

@@ -68,9 +68,6 @@ jobs:
           name: bake-meta
           path: /tmp
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -85,6 +82,7 @@ jobs:
         uses: docker/bake-action@v5
         with:
           sbom: true
+          provenance: true
           files: |
             ./docker-bake.hcl
             /tmp/bake-meta.json
@@ -109,14 +107,18 @@ jobs:
           retention-days: 1
 
       - name: Attest Build Provenance
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-digest: "${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
           push-to-registry: false
-          subject-name: ${{ env.REGISTRY_IMAGE }}          
+          subject-name: ${{ env.REGISTRY_IMAGE }}
 
   merge:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     needs:
       - build
     steps:
@@ -148,6 +150,20 @@ jobs:
           docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.REGISTRY_IMAGE }}")) | "-t " + .) | join(" ")' /tmp/bake-meta.json) \
             $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
 
+      - name: Get merged manifest digest
+        id: manifest
+        run: |
+          TAG=$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)
+          DIGEST="sha256:$(docker buildx imagetools inspect "${{ env.REGISTRY_IMAGE }}:${TAG}" --raw | sha256sum | cut -d ' ' -f1)"
+          echo "digest=${DIGEST}" >> $GITHUB_OUTPUT
+
+      - name: Attest Merged Manifest Provenance
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-digest: ${{ steps.manifest.outputs.digest }}
+          subject-name: ${{ env.REGISTRY_IMAGE }}
+          push-to-registry: false
+
       - name: Inspect image
         run: |
           docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)

.github/workflows/quay.yml

@@ -92,6 +92,7 @@ jobs:
         uses: docker/bake-action@v5
         with:
           sbom: true
+          provenance: true
           files: |
             ./docker-bake.hcl
             /tmp/bake-meta.json
@@ -116,14 +117,18 @@ jobs:
           retention-days: 1
 
       - name: Attest Build Provenance
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-digest: "${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
           push-to-registry: false
           subject-name: ${{ env.REGISTRY_IMAGE }}
 
   merge:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     needs:
       - build
     steps:
@@ -156,6 +161,20 @@ jobs:
           docker buildx imagetools create $(jq -cr '.target."docker-metadata-action".tags | map(select(startswith("${{ env.REGISTRY_IMAGE }}")) | "-t " + .) | join(" ")' /tmp/bake-meta.json) \
             $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
 
+      - name: Get merged manifest digest
+        id: manifest
+        run: |
+          TAG=$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)
+          DIGEST="sha256:$(docker buildx imagetools inspect "${{ env.REGISTRY_IMAGE }}:${TAG}" --raw | sha256sum | cut -d ' ' -f1)"
+          echo "digest=${DIGEST}" >> $GITHUB_OUTPUT
+
+      - name: Attest Merged Manifest Provenance
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-digest: ${{ steps.manifest.outputs.digest }}
+          subject-name: ${{ env.REGISTRY_IMAGE }}
+          push-to-registry: false
+
       - name: Inspect image
         run: |
           docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:$(jq -r '.target."docker-metadata-action".args.DOCKER_META_VERSION' /tmp/bake-meta.json)

.github/workflows/saas.yml

@@ -27,6 +27,7 @@ jobs:
     permissions:
       contents: read
       packages: write
+      attestations: write
       # This is used to complete the identity challenge
       # with sigstore/fulcio when running outside of PRs.
       id-token: write
@@ -92,6 +93,16 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          sbom: true
+          provenance: true
+
+      - name: Attest Build Provenance
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.build-and-push.outputs.digest }}
+          push-to-registry: true
 
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker

.github/workflows/ws-server.yml

@@ -27,6 +27,7 @@ jobs:
     permissions:
       contents: read
       packages: write
+      attestations: write
       # This is used to complete the identity challenge
       # with sigstore/fulcio when running outside of PRs.
       id-token: write
@@ -80,6 +81,16 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          sbom: true
+          provenance: true
+
+      - name: Attest Build Provenance
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.build-and-push.outputs.digest }}
+          push-to-registry: true
 
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker