thirdgen88 / ignition-docker

Ignition Docker Community Image
MIT License

Add SBOM and Provenance attestations #140

Closed thirdgen88 closed 1 year ago

thirdgen88 commented 1 year ago

⚙️ Summary

This PR adds SBOM and Provenance attestations to the build. See the docs here for more reference.

They're added only to the GH actions config. If you want to apply them locally for testing, build with something similar to:

```
docker buildx bake 8_1-full --set 8_1-full.platform=linux/arm64 --push --set=8_1-base.attest=type=sbom --set=8_1-base.attest=type=provenance
```

I decided to leave them out of the bake definition since they can interfere with direct-loading of images for testing; you get this error trying to use `--load` with `buildx bake` and these new attestation settings: `ERROR: docker exporter does not currently support exporting manifest lists`.
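
An added example, not part of the PR or the project's code: with attestations enabled, BuildKit pushes an image index in which each attestation is a separate manifest (platform `unknown/unknown`) pointing at its image through `vnd.docker.reference.*` annotations, which is why the result is a manifest list even for one platform. The sketch below checks such an index for images that lack an SBOM or provenance statement; the index, attestation manifest and digests are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample (not from the PR): an image index of the shape BuildKit
# pushes with attestations enabled. Digests are placeholders.
INDEX = json.loads("""{"manifests": [
  {"digest": "sha256:aaaa", "platform": {"os": "linux", "architecture": "arm64"}},
  {"digest": "sha256:bbbb", "platform": {"os": "unknown", "architecture": "unknown"},
   "annotations": {"vnd.docker.reference.type": "attestation-manifest",
                   "vnd.docker.reference.digest": "sha256:aaaa"}},
  {"digest": "sha256:cccc", "platform": {"os": "linux", "architecture": "amd64"}}]}""")
# Constructed attestation manifests, keyed by digest: one in-toto layer per statement.
ATTESTATIONS = {"sha256:bbbb": {"layers": [
    {"annotations": {"in-toto.io/predicate-type": "https://spdx.dev/Document"}},
    {"annotations": {"in-toto.io/predicate-type": "https://slsa.dev/provenance/v0.2"}}]}}
# Predicate-type prefixes for the two attestation kinds the PR enables.
REQUIRED = {"sbom": "https://spdx.dev/Document", "provenance": "https://slsa.dev/provenance/"}


def is_attestation(desc):
    ann = desc.get("annotations", {})
    return ann.get("vnd.docker.reference.type") == "attestation-manifest"


def attested_kinds(index, attestations):
    """Return {'os/arch': {'sbom', 'provenance', ...}} for every image in the index."""
    images = {d["digest"]: "{os}/{architecture}".format(**d["platform"])
              for d in index["manifests"] if not is_attestation(d)}
    found = {platform: set() for platform in images.values()}
    for desc in filter(is_attestation, index["manifests"]):
        subject = desc["annotations"].get("vnd.docker.reference.digest")
        if subject not in images:
            continue  # attestation that points at no image in this index
        for layer in attestations.get(desc["digest"], {}).get("layers", []):
            ptype = layer.get("annotations", {}).get("in-toto.io/predicate-type", "")
            found[images[subject]].update(k for k, p in REQUIRED.items() if ptype.startswith(p))
    return found


def missing_attestations(index, attestations):
    """Return {'os/arch': [missing kinds]} for images lacking an SBOM or provenance."""
    return {platform: sorted(set(REQUIRED) - kinds)
            for platform, kinds in attested_kinds(index, attestations).items()
            if set(REQUIRED) - kinds}


if __name__ == "__main__":
    print(missing_attestations(INDEX, ATTESTATIONS))
```

For a pushed image, the index and each attestation manifest can be fetched as raw JSON with `docker buildx imagetools inspect --raw` and passed to the same functions.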