chore(ci): sign and attest published images, pin base by digest#134
Merged
Conversation
Adds supply-chain hardening to the Docker Hub publish pipeline introduced in #132: - Pin the python:3.14-alpine3.23 base image by digest in both Dockerfile stages so a compromised tag cannot substitute the base. - Sign the published multi-arch manifest with cosign keyless (Sigstore + GitHub OIDC) so pullers can verify each image came from this repo's Actions. - Generate SLSA build provenance attestations via actions/attest-build-provenance, pushed to the registry alongside the manifest, linking any published digest back to the workflow run that produced it. - Document `cosign verify` in the README's Docker Hub section. Carries over the intent of #127, restructured to fit the matrix-build / manifest-merge workflow merged in #132. Signing happens once on the manifest-list digest in the merge job; all aliased tags (latest, X.Y.Z, X.Y, X) resolve to the same digest, so a single signature covers them. Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
Contributor
Vulnerability Scan: PassedImage:
Commit: 2ec4ce3 |
…into chore/harden-container-publish-dockerhub
ltucker
approved these changes
May 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Supply-chain hardening for the Docker Hub publish pipeline introduced in #132. Carries over the intent of the (now-closed) #127, restructured to fit the matrix-build / manifest-merge workflow.
Dockerfile, both stages). Prevents a compromisedpython:3.14-alpine3.23tag from substituting the base. Renovate'sdockermanager will bump digests.actions/attest-build-provenance, pushed to the registry alongside the manifest. Cryptographically links any published digest back to the exact workflow run and commit that produced it.id-token: write,attestations: write.cosign verifycommand in the Docker Hub section.Why sign in the merge job
The matrix
buildjobs push per-arch images by digest as internal artifacts. The public-facing object is the multi-arch manifest list created inmerge. Signing once at the manifest-list digest covers all aliased tags (latest,X.Y.Z,X.Y,X) since they all resolve to the same digest.Verify
After merge + the next
v*.*.*tag push, pulling and verifying an image should work:Test plan
docker.io/netboxlabs/netbox-mcp-serverRelates to #83.
🤖 Generated with Claude Code