test provenance

Author: Water-Melon

.github/workflows/docker-build-and-push.yml

@@ -1,12 +1,15 @@
 name: Docker Image CI
 
 on:
+  pull_request:
   push:
     branches: [ master ]
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    outputs:
+      image_digest: ${{ steps.get_digest.outputs.digest }}
     steps:
     - uses: actions/checkout@v3
     - name: Build the Docker image
@@ -18,3 +21,28 @@ jobs:
         docker login --username=${{ secrets.DOCKER_USERNAME }} --password=${{ secrets.DOCKER_PASSWORD }} 
         docker build . --file Dockerfile --tag $docker_repo/$image_name:$tag
         docker push $docker_repo/$image_name:$tag
+    - name: Get Docker image digest
+      id: get_digest
+      run: |
+        digest=$(docker inspect --format='{{index .Id}}' melonc/melon:latest)
+        echo "::set-output name=digest::$digest"
+        echo "$digest"
+
+  build-images-provenance:
+    name: Provenance
+    needs: build
+    permissions:
+      id-token: write
+      actions: read
+      packages: write
+    uses: Water-Melon/slsa-github-generator/.github/workflows/[email protected]
+    with:
+      image: "melonc/melon"
+      digest: "${{ needs.build.outputs.image_digest }}"
+      private-repository: true
+      provenance-repository: "melonc/melon"
+    secrets:
+      registry-password: ${{ secrets.DOCKER_PASSWORD }}
+      registry-username: ${{ secrets.DOCKER_USERNAME }}
+      provenance-registry-username: ${{ secrets.DOCKER_USERNAME }}
+      provenance-registry-password: ${{ secrets.DOCKER_PASSWORD }}