chore(ci): harden container publish before GHCR goes public#127
chore(ci): harden container publish before GHCR goes public#127abubnalitic-nbl wants to merge 1 commit into
Conversation
Prepares the published image for public distribution (issue #83). - Pin python:3.14-alpine3.23 base image by digest in both Dockerfile stages so a compromised upstream tag cannot substitute the base. Renovate's docker manager will bump digests. - Sign published images with cosign keyless (Sigstore + GitHub OIDC). No long-lived keys; signatures are tied to this repo's workflow. - Emit SLSA build provenance attestations via actions/attest-build-provenance, pushed to the registry alongside each image. - Grant the minimum additional permissions required (id-token, attestations). - README: document GHCR pulls, version pinning guidance, and the cosign verify command. Relates to #83 Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
Vulnerability Scan: PassedImage:
Commit: 0895161 |
|
Heads up — per the discussion on ITH-1687, we're standardising public images on Docker Hub rather than flipping the GHCR package public. #132 retargets the publish workflow at Your hardening here is still valuable and we'd like to land it before the first public Docker Hub release. Once #132 merges, could you rebase this branch and update the cosign / SLSA provenance / README references from |
|
Closing in favour of a fresh PR rebased on top of #132 (Docker Hub publishing). The Dockerfile digest pin carries over unchanged; the cosign signing + SLSA attestation steps need to be restructured to fit the new matrix-build / manifest-merge workflow, so a clean diff against main is more readable than rebasing this branch. |
Adds supply-chain hardening to the Docker Hub publish pipeline introduced in #132: - Pin the python:3.14-alpine3.23 base image by digest in both Dockerfile stages so a compromised tag cannot substitute the base. - Sign the published multi-arch manifest with cosign keyless (Sigstore + GitHub OIDC) so pullers can verify each image came from this repo's Actions. - Generate SLSA build provenance attestations via actions/attest-build-provenance, pushed to the registry alongside the manifest, linking any published digest back to the workflow run that produced it. - Document `cosign verify` in the README's Docker Hub section. Carries over the intent of #127, restructured to fit the matrix-build / manifest-merge workflow merged in #132. Signing happens once on the manifest-list digest in the merge job; all aliased tags (latest, X.Y.Z, X.Y, X) resolve to the same digest, so a single signature covers them. Co-authored-by: Claude Sonnet 4.6 <[email protected]>
Prepares the published image for public distribution (relates to #83). The
docker-publish.ymlworkflow already publishes multi-arch images to GHCR; this PR adds the supply-chain guarantees we want in place before flipping package visibility to public.What changes
Dockerfile, both stages). Prevents a compromisedpython:3.14-alpine3.23tag from substituting the base under us. Renovate'sdockermanager will bump digests.actions/attest-build-provenance, pushed to the registry alongside the image. Cryptographically links any published digest back to the exact workflow run and commit that produced it.id-token: write,attestations: write.latest, and shows thecosign verifycommand.Verify
After merge + next main push, pulling + verifying an image should work:
Out of scope (intentionally)
latestto track only tagged releases instead of every push tomain. The current behavior is unchanged; the README now makes it explicit. Happy to follow up if the team wants stricter semantics.Test plan
test.yml,container-scan.yaml,docker-publish.ymlPR run) pass on this branchmainproduces a signed image with a provenance attestation atghcr.io/netboxlabs/netbox-mcp-servercosign verifyagainst a post-merge tag returns success🤖 Generated with Claude Code