From d80eb77fa192a69d612f2a27fc3f15711a96814c Mon Sep 17 00:00:00 2001
From: Tim Smith <tsmith@chef.io>
Date: Mon, 22 Apr 2024 15:13:42 -0700
Subject: [PATCH] Generate SBOM and attestations in the manifests (#126)

# Description

Push all the data into DockerHub

## Issues Resolved

List any existing issues this PR resolves, or any Discourse or
StackOverflow discussions that are relevant

## Type of Change

Our release process assumes you are using [Conventional Commit
messages](https://www.conventionalcommits.org/en/v1.0.0/).

The most important prefixes you should have in mind are:

- `_fix_`: which represents bug fixes, and correlates to a SemVer patch.
- `_feat_`: which represents a new feature, and correlates to a SemVer
minor.
- `_feat!_`:, or `fix!:`, `refactor!:`, etc., which represent a breaking
change (indicated by the !) and will result in a major version change.

If you have not included a conventional commit message this can be fixed
on merge.

## Check List

- [ ] New functionality includes tests
- [ ] All tests pass
- [ ] Commit message includes a [Conventional Commit
Message](https://www.conventionalcommits.org/en/v1.0.0)

Signed-off-by: Tim Smith <tsmith84@gmail.com>
---
 .github/workflows/main.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 5b99608..a61fde0 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -92,6 +92,8 @@ jobs:
       - name: Build and push (amd64, arm64)
         uses: docker/build-push-action@v5
         with:
+          sbom: true
+          provenance: true
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           platforms: linux/amd64,linux/arm64