From 55ac4fa8c9cc6aaaec0a291a60792cfa7f3ca477 Mon Sep 17 00:00:00 2001
From: Catalan Lover <catalanlover@protonmail.com>
Date: Sun, 17 May 2026 20:33:35 +0200
Subject: [PATCH] Perfect Attestation work and cleanup missing GHCR Attestation

---
 .github/workflows/docker-hub-develop.yml    | 1 +
 .github/workflows/docker-hub-latest.yml     | 1 +
 .github/workflows/docker-hub-release.yml    | 1 +
 .github/workflows/ghcr-all-dev-branches.yml | 9 +++++++++
 4 files changed, 12 insertions(+)

diff --git a/.github/workflows/docker-hub-develop.yml b/.github/workflows/docker-hub-develop.yml
index b2e2db7a..0a3df06c 100644
--- a/.github/workflows/docker-hub-develop.yml
+++ b/.github/workflows/docker-hub-develop.yml
@@ -71,6 +71,7 @@ jobs:
           # prettier-ignore
           outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Drapunir is a community management platform for Matrix.
           sbom: true
+          provenance: true
           tags: |
             ${{ env.DOCKER_NAMESPACE }}/draupnir:develop
 
diff --git a/.github/workflows/docker-hub-latest.yml b/.github/workflows/docker-hub-latest.yml
index 6044fcf4..7df3d731 100644
--- a/.github/workflows/docker-hub-latest.yml
+++ b/.github/workflows/docker-hub-latest.yml
@@ -71,6 +71,7 @@ jobs:
           # prettier-ignore
           outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Drapunir is a community management platform for Matrix.
           sbom: true
+          provenance: true
           tags: |
             ${{ env.DOCKER_NAMESPACE }}/draupnir:latest
 
diff --git a/.github/workflows/docker-hub-release.yml b/.github/workflows/docker-hub-release.yml
index 9caa099c..92ba0d06 100644
--- a/.github/workflows/docker-hub-release.yml
+++ b/.github/workflows/docker-hub-release.yml
@@ -72,6 +72,7 @@ jobs:
           # prettier-ignore
           outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Drapunir is a community management platform for Matrix.
           sbom: true
+          provenance: true
           tags: |
             ${{ env.DOCKER_NAMESPACE }}/draupnir:${{ steps.release_version.outputs.release_version }}
 
diff --git a/.github/workflows/ghcr-all-dev-branches.yml b/.github/workflows/ghcr-all-dev-branches.yml
index ce3efd77..9d206ed9 100644
--- a/.github/workflows/ghcr-all-dev-branches.yml
+++ b/.github/workflows/ghcr-all-dev-branches.yml
@@ -90,4 +90,13 @@ jobs:
           # prettier-ignore
           outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Drapunir is a community management platform for Matrix.
           sbom: true
+          provenance: true
           tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Attest pushed image
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26
+        with:
+          # prettier-ignore
+          subject-name: ghcr.io/${{ steps.image_owner.outputs.image_owner }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true