Revert "ci(package): upload Docker image with provenance"

The attest actions, instead of adding the provenance to the pushed manifest, are uploading a new layer, polluting the UI of both services. The Docker build action already had provenance enabled, so the GitHub's ones are unnecessary. This reverts commit 40d26bf.
jellyfin · Sep 10, 2024 · bea8aa6 · bea8aa6
1 parent fcd3c8f
commit bea8aa6
Showing 1 changed file with 1 addition and 15 deletions.
diff --git a/.github/workflows/__package.yml b/.github/workflows/__package.yml
@@ -282,7 +282,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.JF_BOT_TOKEN }}
 
-      - name: Create multiplatform image and push 🛠️⬆️
+      - name: Create multiplatform image ${{ inputs.push && 'and push 🛠️⬆️' || '🛠️' }} 
         uses: docker/[email protected]
         id: image
         with:
@@ -306,17 +306,3 @@ jobs:
         with:
           name: |
             buildx-*
-
-      - name: Create provenance attestation (ghcr.io) 🔏
-        uses: actions/[email protected]
-        with:
-          subject-name: ghcr.io/${{ env.REGISTRY_IMAGE }}
-          subject-digest: ${{ steps.image.outputs.digest }}
-          push-to-registry: true
-
-      - name: Create provenance attestation (docker.io) 🔏
-        uses: actions/[email protected]
-        with:
-          subject-name: docker.io/${{ env.REGISTRY_IMAGE }}
-          subject-digest: ${{ steps.image.outputs.digest }}
-          push-to-registry: true