dcroote
commented
1 month ago This is already present as of #441
You can confirm via:
docker buildx imagetools inspect api3/dao-dashboard:latest --format "{{ json .Provenance.SLSA }}" | jq '.builder, .metadata.buildFinishedOn, .metadata."https://mobyproject.org/buildkit@v1#metadata".vcs'which yields:
{
"id": "https://github.com/api3dao/api3-dao-dashboard/actions/runs/8781350553"
}
"2024-04-22T09:03:14.218599696Z"
{
"localdir:context": ".",
"localdir:dockerfile": ".",
"revision": "ef58bfb106d4419c5fbc9828ec4a335831dce883",
"source": "https://github.com/api3dao/api3-dao-dashboard"
}And notice the revision is equivalent to the latest production branch sha.
See: https://docs.docker.com/build/attestations/slsa-provenance/