actions / attest

Action for generating attestations for workflow artifacts
MIT License

downcase subject name for OCI images #63

Closed bdehamer closed 5 months ago

bdehamer commented 5 months ago

Automatically downcases the subject name when the push-to-registry flag is supplied. The OCI spec requires that the image repository name be all lower-case, so any time a user is pushing an attestation to a registry the subject name MUST conform to the OCI spec.

This is mainly a problem when the GitHub repository name is used as the repository name with something like this:

```yaml
- name: Attest Build Provenance
  uses: actions/attest-build-provenance@v1
  with:
    subject-name: ghcr.io/${{ github.repository }}
    subject-digest: ${{ steps.build-and-push.outputs.digest }}
    push-to-registry: true
```

If the GH repository name happens to contain uppercase characters this will fail.

The change made here will ensure that this use case will succeed even if the GH repo name contains uppercase characters.

It's worth noting that the docker/metadata-action and docker/build-push-action actions perform a similar transformation on the input to ensure a valid image name.

See: https://github.com/actions/attest-build-provenance/issues/71
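The behaviour described in this PR, as an added example that is not the action's own code: a subject name is lower-cased only when the attestation is going to be pushed to a registry, and the result is then checked against the OCI path-component grammar so that a name the registry would still reject (for example one with characters outside `[a-z0-9._-]`) fails early with a clear error. The function names `normalizeSubjectName` and `isValidOciRepository`, and the simplified registry-host detection, are assumptions made for this example.

```javascript
// Added example (not code from actions/attest): normalize an attestation
// subject name for an OCI registry push.
//
// OCI distribution spec grammar for a single repository path component:
//   [a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*
// Only lower-case letters are allowed, which is why a GitHub repository
// name such as "MyOrg/My-Repo" has to be down-cased before pushing.
const OCI_PATH_COMPONENT = /^[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*$/;

// Heuristic (assumption for this example): the first path segment is a
// registry host if it contains a dot or a port, or is "localhost".
function isRegistryHost(segment) {
  return segment.includes('.') || segment.includes(':') || segment === 'localhost';
}

// Returns true when every repository path component of `name` (the part
// after an optional registry host) conforms to the OCI grammar.
function isValidOciRepository(name) {
  const parts = name.split('/');
  const components = parts.length > 1 && isRegistryHost(parts[0]) ? parts.slice(1) : parts;
  return components.length > 0 && components.every((c) => OCI_PATH_COMPONENT.test(c));
}

// Mirrors the PR's rule: down-case only when push-to-registry is set,
// otherwise leave the subject name exactly as the user supplied it.
// Throws if the down-cased name still is not a valid OCI repository.
function normalizeSubjectName(subjectName, pushToRegistry) {
  if (!pushToRegistry) {
    return subjectName;
  }
  const lowered = subjectName.toLowerCase();
  if (!isValidOciRepository(lowered)) {
    throw new Error(`subject name is not a valid OCI image name: ${lowered}`);
  }
  return lowered;
}

// Constructed sample inputs, modelled on the workflow snippet in the PR.
const samples = [
  ['ghcr.io/MyOrg/My-Repo', true],   // down-cased before push
  ['ghcr.io/MyOrg/My-Repo', false],  // left untouched, no push
];
for (const [name, push] of samples) {
  console.log(`${name} (push=${push}) -> ${normalizeSubjectName(name, push)}`);
}

module.exports = { isValidOciRepository, normalizeSubjectName };
```

The check after lower-casing matters because down-casing alone does not make every string a legal repository name; surfacing that in the action gives the user an actionable error instead of an opaque registry rejection later in the push.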