mirror of
https://github.com/actions/attest-build-provenance.git
synced 2026-01-28 15:06:34 +00:00
Add more documentation on Artifact Metadata Storage Records (#797)
Some checks failed
Check Transpiled JavaScript / Check dist/ (push) Failing after 4s
Continuous Integration / TypeScript Tests (push) Failing after 3s
Continuous Integration / Test attest-provenance action (push) Failing after 2s
CodeQL / Analyze (TypeScript) (push) Failing after 17s
Public-Good Sigstore Prober / prober (push) Failing after 3s
GitHub Sigstore Prober / prober (push) Failing after 1s
Some checks failed
Check Transpiled JavaScript / Check dist/ (push) Failing after 4s
Continuous Integration / TypeScript Tests (push) Failing after 3s
Continuous Integration / Test attest-provenance action (push) Failing after 2s
CodeQL / Analyze (TypeScript) (push) Failing after 17s
Public-Good Sigstore Prober / prober (push) Failing after 3s
GitHub Sigstore Prober / prober (push) Failing after 1s
* add section on artifact storage records Signed-off-by: Meredith Lancaster <malancas@github.com> * reorganize storage record section Signed-off-by: Meredith Lancaster <malancas@github.com> * add additional requirements for record generation Signed-off-by: Meredith Lancaster <malancas@github.com> * typo Signed-off-by: Meredith Lancaster <malancas@github.com> * wording Signed-off-by: Meredith Lancaster <malancas@github.com> * Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * lines should not exceed 80 characters Signed-off-by: Meredith Lancaster <malancas@github.com> * Update README.md Co-authored-by: Brian DeHamer <bdehamer@github.com> * line wrapping linting Signed-off-by: Meredith Lancaster <malancas@github.com> --------- Signed-off-by: Meredith Lancaster <malancas@github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
Meredith Lancaster
GitHub
parent
98f3aa9c27
commit
6865550d03
23
README.md
23
README.md
@ -253,10 +253,6 @@ the specific image being attested is identified by the supplied digest.
|
||||
Attestation bundles are stored in the OCI registry according to the [Cosign
|
||||
Bundle Specification][10].
|
||||
|
||||
If the `push-to-registry` option is set to true, the Action will also
|
||||
emit an Artifact Metadata Storage Record. If you do not want to emit a
|
||||
storage record, set `create-storage-record` to `false`.
|
||||
|
||||
> **NOTE**: When pushing to Docker Hub, please use "index.docker.io" as the
|
||||
> registry portion of the image name.
|
||||
|
||||
@ -304,6 +300,25 @@ jobs:
|
||||
push-to-registry: true
|
||||
```
|
||||
|
||||
#### Artifact Metadata Storage Records
|
||||
|
||||
If the `push-to-registry` option is set to true, the Action will also
|
||||
emit an [Artifact Metadata Storage Record](https://docs.github.com/en/rest/orgs/artifact-metadata?apiVersion=2022-11-28#create-artifact-metadata-storage-record).
|
||||
Storage records enrich artifact metadata by capturing storage
|
||||
related details, such as which registry an image is hosted on
|
||||
and whether it's marked as active.
|
||||
|
||||
If you do not want to emit a storage record, set `create-storage-record` to `false`.
|
||||
|
||||
> **NOTE**: Storage records can only be created for artifacts
|
||||
> built from [organization-owned](https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations)
|
||||
> repositories.
|
||||
|
||||
Artifacts associated with a storage record can be viewed by navigating to
|
||||
the `Linked Artifacts` page in your organization:
|
||||
`https://github.com/orgs/YOUR_ORG/artifacts`
|
||||
(replace `YOUR_ORG` with your organization name).
|
||||
|
||||
### Integration with `actions/upload-artifact`
|
||||
|
||||
If you'd like to create an attestation for an archive created with the
|
||||
|
||||
Loading…
Reference in New Issue
Block a user