add-artifact-attestations-to-workflow
Installation
SKILL.md
Add Artifact Attestations to Workflow
Add SLSA build-provenance attestations to existing GitHub Actions workflows for Docker container images.
Steps
-
Find existing workflow files in
.github/workflows/that containdocker/build-push-actionor similar steps. Note that composite actions may be used — read both the composite action and the calling workflow simultaneously. -
Enable OIDC & Attestations permissions In each workflow's top-level
permissions:block, grant both the OIDC token and attestations write privileges:permissions: id-token: write attestations: write contents: read # (existing) packages: write # (existing)