Bump actions/attest-build-provenance from 3 to 4

Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3 to 4. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-03-17 14:34:03 +00:00 · 2026-03-02 13:20:29 +00:00
parent 2266634f36
commit 400f949275
1 changed files with 3 additions and 3 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -88,14 +88,14 @@ jobs:
          cosign sign --yes $(jq --arg DOCKERHUB_DIGEST_SHA "$(cat DOCKERHUB_DIGEST_SHA)" -cr '.target."docker-metadata-action".tags | map(select(startswith("index.docker.io/${{github.repository}}")) | . + "@" + $DOCKERHUB_DIGEST_SHA) | join(" ")' ${{ runner.temp }}/${{matrix.variant}}/bake-meta.json)

      - name: Attest GHCR
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
        with:
          subject-name: ghcr.io/${{github.repository}}
          subject-digest: ${{ env.GHCR_DIGEST_SHA }}
          push-to-registry: true

      - name: Attest Dockerhub
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
        with:
          subject-name: index.docker.io/${{github.repository}}
          subject-digest: ${{ env.DOCKERHUB_DIGEST_SHA }}
@@ -414,7 +414,7 @@ jobs:

      - name: Attest binary
        id: attest
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
        with:
          subject-path: |
            archive/**/*.tar.gz