From 5d37cab19b9fd94d97902700dc1a2819e9193474 Mon Sep 17 00:00:00 2001
From: Nicolas Duchon <nicolas.duchon@gmail.com>
Date: Tue, 19 Dec 2023 19:26:13 +0100
Subject: [PATCH] ci: add explicit provenance and enable sbom

---
 .github/workflows/build-publish.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 5c823c9..1d47393 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -89,7 +89,9 @@ jobs:
             NGINX_PROXY_VERSION=${{ steps.nginx-proxy_version.outputs.VERSION }}
             DOCKER_GEN_VERSION=${{ steps.docker-gen_version.outputs.VERSION }}
           platforms: linux/amd64,linux/arm64,linux/arm/v7
+          sbom: true
           push: true
+          provenance: mode=max
           tags: ${{ steps.docker_meta.outputs.tags }}
           labels: ${{ steps.docker_meta.outputs.labels }}
           cache-from: type=gha