actions/docker-attest-build-provenance
1
0
Fork 0
mirror of https://github.com/actions/attest-build-provenance.git synced 2026-01-28 15:06:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add more documentation on Artifact Metadata Storage Records (#797)
Some checks failed
Check Transpiled JavaScript / Check dist/ (push) Failing after 4s
Details
Continuous Integration / TypeScript Tests (push) Failing after 3s
Details
Continuous Integration / Test attest-provenance action (push) Failing after 2s
Details
CodeQL / Analyze (TypeScript) (push) Failing after 17s
Details
Public-Good Sigstore Prober / prober (push) Failing after 3s
Details
GitHub Sigstore Prober / prober (push) Failing after 1s
Details

Browse Source 
* add section on artifact storage records

Signed-off-by: Meredith Lancaster <malancas@github.com>

* reorganize storage record section

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add additional requirements for record generation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* typo

Signed-off-by: Meredith Lancaster <malancas@github.com>

* wording

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update README.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* lines should not exceed 80 characters

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update README.md

Co-authored-by: Brian DeHamer <bdehamer@github.com>

* line wrapping linting

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
This commit is contained in:
Meredith Lancaster 2026-01-16 10:20:21 -08:00 committed by GitHub
parent 98f3aa9c27
commit 6865550d03
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
README.md
View File

@ -253,10 +253,6 @@ the specific image being attested is identified by the supplied digest.
Attestation bundles are stored in the OCI registry according to the [Cosign Attestation bundles are stored in the OCI registry according to the [Cosign
Bundle Specification][10]. Bundle Specification][10].
If the `push-to-registry` option is set to true, the Action will also
emit an Artifact Metadata Storage Record. If you do not want to emit a
storage record, set `create-storage-record` to `false`.
> **NOTE**: When pushing to Docker Hub, please use "index.docker.io" as the > **NOTE**: When pushing to Docker Hub, please use "index.docker.io" as the
> registry portion of the image name. > registry portion of the image name.
@ -304,6 +300,25 @@ jobs:
push-to-registry: true push-to-registry: true
``` ```
#### Artifact Metadata Storage Records
If the `push-to-registry` option is set to true, the Action will also
emit an [Artifact Metadata Storage Record](https://docs.github.com/en/rest/orgs/artifact-metadata?apiVersion=2022-11-28#create-artifact-metadata-storage-record).
Storage records enrich artifact metadata by capturing storage
related details, such as which registry an image is hosted on
and whether it's marked as active.
If you do not want to emit a storage record, set `create-storage-record` to `false`.
> **NOTE**: Storage records can only be created for artifacts
> built from [organization-owned](https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations)
> repositories.
Artifacts associated with a storage record can be viewed by navigating to
the `Linked Artifacts` page in your organization:
`https://github.com/orgs/YOUR_ORG/artifacts`
(replace `YOUR_ORG` with your organization name).
### Integration with `actions/upload-artifact` ### Integration with `actions/upload-artifact`
If you'd like to create an attestation for an archive created with the If you'd like to create an attestation for an archive created with the