add provenance for containers system image

Change-Id: Idd3f7eeb8b4ad6ad368b7829f01ee50b17a309a8
project-oak · Apr 15, 2024 · 22ff81c · 22ff81c
1 parent 11fe6e6
commit 22ff81c
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/.github/workflows/provenance.yaml b/.github/workflows/provenance.yaml
@@ -28,6 +28,7 @@ jobs:
           - buildconfigs/key_xor_test_app.toml
           - buildconfigs/oak_containers_kernel.toml
           - buildconfigs/oak_containers_stage1.toml
+          - buildconfigs/oak_containers_system_image.toml
           - buildconfigs/oak_echo_enclave_app.toml
           - buildconfigs/oak_echo_raw_enclave_app.toml
           - buildconfigs/oak_functions_enclave_app.toml

diff --git a/buildconfigs/oak_containers_system_image.toml b/buildconfigs/oak_containers_system_image.toml
@@ -0,0 +1,12 @@
+# This is the static build configuration that we use with the docker-based SLSA3 generator for
+# building the `stage1` binary, and its provenance.
+# See https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/docker.
+command = [
+  "nix",
+  "develop",
+  ".#containers",
+  "--command",
+  "just",
+  "oak_containers_system_image",
+]
+artifact_path = "./oak_containers_system_image/target/image.tar.xz"