From f4a3149a2f4edafaacebea211d3c2cf7d923bfa6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Jan 2024 10:03:05 +0000
Subject: [PATCH 1/3] build(deps): bump docker/bake-action from 2 to 4

Bumps [docker/bake-action](https://github.com/docker/bake-action) from 2 to 4.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/v2...v4)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/build.yml       | 4 ++--
 .github/workflows/conformance.yml | 2 +-
 .github/workflows/docs.yml        | 2 +-
 .github/workflows/e2e.yml         | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 317d15bed..515df1065 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -114,7 +114,7 @@ jobs:
 
       -
         name: Build artifacts
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v4
         with:
           targets: artifact-all
       -
@@ -130,7 +130,7 @@ jobs:
           if-no-files-found: error
       -
         name: Build image
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v4
         with:
           files: |
             ./docker-bake.hcl
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index 8c530d806..0abd206a5 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -22,7 +22,7 @@ jobs:
           fetch-depth: 0
       -
         name: Build image
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v4
         with:
           targets: image-local
       -
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index d0ff4b407..0f2942b90 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Build docs
-        uses: docker/bake-action@v3
+        uses: docker/bake-action@v4
         with:
           files: |
             docker-bake.hcl
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index f4d338f0f..73896b223 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -25,7 +25,7 @@ jobs:
           fetch-depth: 0
       -
         name: Build image
-        uses: docker/bake-action@v2
+        uses: docker/bake-action@v4
         with:
           targets: image-local
       -

From f09bf31f3ef2427f2c6b612ced905a8d8b55f32c Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Fri, 12 Jan 2024 11:30:32 +0100
Subject: [PATCH 2/3] ci: handle provenance for built artifacts

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 .github/workflows/build.yml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 515df1065..34f721483 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -102,7 +102,6 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-
       -
         name: Log in to GitHub Container registry
         if: github.event_name != 'pull_request'
@@ -111,16 +110,27 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
       -
         name: Build artifacts
         uses: docker/bake-action@v4
         with:
           targets: artifact-all
       -
-        name: Move artifacts
+        name: Rename provenance
+        run: |
+          for pdir in ./bin/*/; do
+            (
+              cd "$pdir"
+              binname=$(find . -name '*.tar.gz')
+              filename=$(basename "${binname%.tar.gz}")
+              mv "provenance.json" "${filename}.provenance.json"
+            )
+          done
+      -
+        name: Move and list artifacts
         run: |
           mv ./bin/**/* ./bin/
+          tree -nh ./bin
       -
         name: Upload artifacts
         uses: actions/upload-artifact@v3
@@ -145,6 +155,7 @@ jobs:
           draft: true
           files: |
             bin/*.tar.gz
+            bin/*.provenance.json
             bin/*.sha256
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From 6b14735dbf4c9fd5e199d887da09b22fffd6426d Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Fri, 12 Jan 2024 11:32:11 +0100
Subject: [PATCH 3/3] ci: disable provenance when generating docs

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 .github/workflows/docs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 0f2942b90..4df95ea21 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -35,6 +35,7 @@ jobs:
           files: |
             docker-bake.hcl
           targets: docs-export
+          provenance: false
           set: |
             *.cache-from=type=gha,scope=docs
             *.cache-to=type=gha,scope=docs,mode=max